idnits 2.17.1 draft-ietf-teas-rsvp-ingress-protection-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The backup ingress may be off-path or on-path of an LSP. If a backup ingress is not any node of the LSP, it is off-path. If a backup ingress is a next-hop of the primary ingress of the LSP, it is on-path. When a backup ingress for protecting the primary ingress is configured, the backup ingress MUST not be on the LSP except for it is the next hop of the primary ingress. If it is on-path, the primary forwarding state associated with the primary LSP SHOULD be clearly separated from the backup LSP(s) state. -- The document date (March 1, 2018) is 2240 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Missing Reference: 'Ib' is mentioned on line 184, but not defined == Missing Reference: 'L3' is mentioned on line 184, but not defined == Missing Reference: 'RFC3936' is mentioned on line 1011, but not defined == Unused Reference: 'RFC2119' is defined on line 1128, but no explicit reference was found in the text == Unused Reference: 'RFC3031' is defined on line 1133, but no explicit reference was found in the text == Unused Reference: 'RFC3209' is defined on line 1138, but no explicit reference was found in the text == Unused Reference: 'RFC4875' is defined on line 1148, but no explicit reference was found in the text == Unused Reference: 'RFC6378' is defined on line 1157, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 11 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force H. Chen, Ed. 3 Internet-Draft Huawei Technologies 4 Intended status: Experimental R. Torvi, Ed. 5 Expires: September 2, 2018 Juniper Networks 6 March 1, 2018 8 Extensions to RSVP-TE for LSP Ingress FRR Protection 9 draft-ietf-teas-rsvp-ingress-protection-16.txt 11 Abstract 13 This document describes extensions to Resource Reservation Protocol - 14 Traffic Engineering (RSVP-TE) for locally protecting the ingress node 15 of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic 16 Engineered (TE) Label Switched Path (LSP). It extends the fast- 17 reroute (FRR) protection for transit nodes of an LSP to the ingress 18 node of the LSP. The procedures described in this document are 19 experimental. 21 Status of this Memo 23 This Internet-Draft is submitted to IETF in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on September 2, 2018. 38 Copyright Notice 40 Copyright (c) 2018 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 1.1. Ingress Local Protection Example . . . . . . . . . . . . . 4 57 1.2. Ingress Local Protection Overview . . . . . . . . . . . . 5 58 2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 5 59 2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 6 60 2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 6 61 3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 7 62 3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 7 63 4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 8 64 4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 8 65 4.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 10 66 4.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 10 67 4.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 11 68 4.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 11 69 4.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 12 70 4.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 12 71 5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 13 72 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 13 73 5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 74 5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 14 75 5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 15 76 5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 15 77 5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 16 78 5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 17 79 5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 18 80 5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 20 81 5.3.3. Failure Detection and Refresh PATH Messages . . . . . 21 82 5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 21 83 5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 21 84 5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 22 85 6. Security Considerations . . . . . . . . . . . . . . . . . . . 22 86 7. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 22 87 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 88 9. Co-authors and Contributors . . . . . . . . . . . . . . . . . 23 89 10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 25 90 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 91 11.1. Normative References . . . . . . . . . . . . . . . . . . . 26 92 11.2. Informative References . . . . . . . . . . . . . . . . . . 26 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 95 1. Introduction 97 For a MPLS TE LSP, protecting the failures of its transit nodes using 98 fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875 99 for P2MP LSP. However, protecting the failure of its ingress node 100 using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS 101 Transport Profile (MPLS-TP) Linear Protection described in RFC 6378 102 can provide a protection against the failure of any transit node of a 103 LSP between the ingress node and the egress node of the LSP, but 104 cannot protect against the failure of the ingress node. 106 To protect against the failure of the (primary) ingress node of a 107 primary end to end P2MP (or P2P) TE LSP, a typical existing solution 108 is to set up a secondary backup end to end P2MP (or P2P) TE LSP. The 109 backup LSP is from a backup ingress node to backup egress nodes (or 110 node). The backup ingress node is different from the primary ingress 111 node. The backup egress nodes (or node) are (or is) different from 112 the primary egress nodes (or node) of the primary LSP. For a P2MP TE 113 LSP, on each of the primary (and backup) egress nodes, a P2P LSP is 114 created from the egress node to its primary (backup) ingress node and 115 configured with BFD. This is used to detect the failure of the 116 primary (backup) ingress node for the receiver to switch to the 117 backup (or primary) egress node to receive the traffic after the 118 primary (or backup) ingress node fails when both the primary LSP and 119 the secondary LSP carry the traffic. In addition, FRR may be used to 120 provide protections against the failures of the transit nodes and the 121 links of the primary and secondary end to end TE LSPs. 123 There are a number of issues in this solution: 125 o It consumes lots of network resources. Double states need to be 126 maintained in the network since two end to end TE LSPs are 127 created. Double link bandwidth is reserved and used when both the 128 primary and the secondary end to end TE LSPs carry the traffic at 129 the same time. 131 o More operations are needed, which include the configuration of two 132 end to end TE LSPs and BFDs from each of the egress nodes to its 133 corresponding ingress node. 135 o The detection of the failure of the ingress node may not be 136 reliable. Any failure on the path of the BFD from an egress node 137 to an ingress node may cause the BFD to indicate the failure of 138 the ingress node. 140 o The speed of protection against the failure of the ingress node 141 may be slow. 143 This specification defines a simple extension to RSVP-TE for local 144 protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve 145 these issues. Ingress local protection and ingress FRR protection 146 will be used exchangeably. 148 Note that this document is experimental. Two different approaches 149 are proposed to transfer the information for ingress protection. 150 They both use the same new INGRESS_PROTECTION object, which is sent 151 in both PATH and RESV messages between a primary ingress and a backup 152 ingress. One approach is Relay-Message Method (refer to section 153 5.1.1 and 5.2.1), the other is Proxy-Ingress Method (refer to section 154 5.1.2 and 5.2.2). Each of them has its advantages and disadvantages. 155 It is hard to decide which one is used as a standard approach now. 156 After one approach is selected, the document will be revised to 157 reflect that selection and any other items learned from the 158 experiment. The revised document is expected to be submitted for 159 publication on the standards track. 161 1.1. Ingress Local Protection Example 163 Figure 1 shows an example of using a backup P2MP LSP to locally 164 protect the ingress of a primary P2MP LSP, which is from ingress Ia 165 to three egresses: L1, L2 and L3. The backup LSP is from backup 166 ingress Ib to the next hops R2 and R4 of ingress Ia. 168 ******* ******* S Source 169 [R2]-----[R3]-----[L1] Ix Ingress 170 */ & Rx Transit 171 */ & Lx Egress 172 */ & *** Primary LSP 173 */ & &&& Backup LSP across 174 */ & logical hop 175 */ & 176 */ ******** ******** ******* 177 [S]---[Ia]--------[R4]------[R5]-----[L2] 178 \ | & & *\ 179 \ | & & *\ 180 \ | & & *\ 181 \ | & & *\ 182 \ | & & *\ 183 \ |& & *\ 184 [Ib]&&& [L3] 186 Figure 1: Ingress Local Protection 188 In normal operations, source S sends the traffic to primary ingress 189 Ia. Ia imports the traffic into the primary LSP. 191 When source S detects the failure of Ia, it switches the traffic to 192 backup ingress Ib, which imports the traffic from S into the backup 193 LSP to Ia's next hops R2 and R4, where the traffic is merged into the 194 primary LSP, and then sent to egresses L1, L2 and L3. 196 Note that the backup ingress is one logical hop away from the 197 ingress. A logical hop is a direct link or a tunnel such as a GRE 198 tunnel, over which RSVP-TE messages may be exchanged. 200 1.2. Ingress Local Protection Overview 202 There are four parts in ingress local protection: 204 o Setting up the necessary backup LSP forwarding state based on the 205 information received for ingress local protection; 207 o Detecting the primary ingress failure and providing the fast 208 repair (as discussed in Sections 2 and 3); 210 o Maintaining the RSVP-TE control plane state until a global repair 211 is done; and 213 o Performing the global repair(see Section 5.4). 215 The primary ingress of a primary LSP sends the backup ingress the 216 information for ingress protection in a PATH message with a new 217 INGRESS_PROTECTION object. The backup ingress sets up the backup 218 LSP(s) and forwarding state after receiving the necessary information 219 for ingress protection. And then it sends the primary ingress the 220 status of ingress protection in a RESV message with a new 221 INGRESS_PROTECTION object. 223 When the primary ingress fails, the backup ingress sends or refreshes 224 the next hops of the primary ingress the PATH messages without any 225 INGRESS_PROTECTION object after verifying the failure. Thus the 226 RSVP-TE control plane state of the primary LSP is maintained. 228 2. Ingress Failure Detection 230 Exactly how to detect the failure of the ingress is out of scope. 231 However, it is necessary to discuss different modes for detecting the 232 failure because they determine what is the required behavior for the 233 source and backup ingress. 235 2.1. Source Detects Failure 237 Source Detects Failure or Source-Detect for short means that the 238 source is responsible for fast detecting the failure of the primary 239 ingress of an LSP. Fast detecting the failure means detecting the 240 failure in a few or tens of milliseconds. The backup ingress is 241 ready to import the traffic from the source into the backup LSP(s) 242 after the backup LSP(s) is up. 244 In normal operations, the source sends the traffic to the primary 245 ingress. When the source detects the failure of the primary ingress, 246 it switches the traffic to the backup ingress, which delivers the 247 traffic to the next hops of the primary ingress through the backup 248 LSP(s), where the traffic is merged into the primary LSP. 250 For an LSP, after the primary ingress fails, the backup ingress MUST 251 use a method to verify the failure of the primary ingress before the 252 PATH message for the LSP expires at the next hop of the primary 253 ingress. After verifying the failure, the backup ingress sends/ 254 refreshes the PATH message to the next hop through the backup LSP as 255 needed. The method may verify the failure of the primary ingress 256 slowly such as in seconds. 258 After the primary ingress fails, it will not be reachable after 259 routing convergence. Thus checking whether the primary ingress 260 (address) is reachable is a possible method. 262 When the previously failed primary ingress of a primary LSP becomes 263 available again and the primary LSP has recovered from its primary 264 ingress, the source may switches the traffic to the primary ingress 265 from the backup ingress. A operator may control the traffic switch 266 through using a command on the source node after seeing that the 267 primary LSP has recovered. 269 2.2. Backup and Source Detect Failure 271 Backup and Source Detect Failure or Backup-Source-Detect for short 272 means that both the backup ingress and the source are concurrently 273 responsible for fast detecting the failure of the primary ingress. 275 Note that one of the differences between Source-Detect and Backup- 276 Source-Detect is: in the former, the backup ingress verifies the 277 failure of the primary ingress slowly such as in seconds; in the 278 latter, the backup ingress detects the failure fast such as in a few 279 or tens of milliseconds. 281 In normal operations, the source sends the traffic to the primary 282 ingress. It switches the traffic to the backup ingress when it 283 detects the failure of the primary ingress. 285 The backup ingress does not import any traffic from the source into 286 the backup LSP in normal operations. When it detects the failure of 287 the primary ingress, it imports the traffic from the source into the 288 backup LSP to the next hops of the primary ingress, where the traffic 289 is merged into the primary LSP. 291 The source-detect is preferred. It is simpler than the backup- 292 source-detect, which needs both the source and the backup ingress 293 detect the ingress failure quickly. 295 3. Backup Forwarding State 297 Before the primary ingress fails, the backup ingress is responsible 298 for creating the necessary backup LSPs. These LSPs might be multiple 299 bypass P2P LSPs that avoid the ingress. Alternately, the backup 300 ingress could choose to use a single backup P2MP LSP as a bypass or 301 detour to protect the primary ingress of a primary P2MP LSP. 303 The backup ingress may be off-path or on-path of an LSP. If a backup 304 ingress is not any node of the LSP, it is off-path. If a backup 305 ingress is a next-hop of the primary ingress of the LSP, it is on- 306 path. When a backup ingress for protecting the primary ingress is 307 configured, the backup ingress MUST not be on the LSP except for it 308 is the next hop of the primary ingress. If it is on-path, the 309 primary forwarding state associated with the primary LSP SHOULD be 310 clearly separated from the backup LSP(s) state. 312 3.1. Forwarding State for Backup LSP 314 A forwarding entry for a backup LSP is created on the backup ingress 315 after the LSP is set up. Depending on the failure-detection mode 316 (e.g., source-detect), it may be used to forward received traffic or 317 simply be inactive (e.g., backup-source-detect) until required. In 318 either case, when the primary ingress fails, this entry is used to 319 import the traffic into the backup LSP to the next hops of the 320 primary ingress, where the traffic is merged into the primary LSP. 322 The forwarding entry for a backup LSP is a local implementation 323 issue. In one device, it may have an inactive flag. This inactive 324 forwarding entry is not used to forward any traffic normally. When 325 the primary ingress fails, it is changed to active, and thus the 326 traffic from the source is imported into the backup LSP. 328 4. Protocol Extensions 330 A new object INGRESS_PROTECTION is defined for signaling ingress 331 local protection. The primary ingress of a primary LSP sends the 332 backup ingress this object in a PATH message. In this case, the 333 object contains the information needed to set up ingress protection. 334 The information includes: 336 o Backup ingress IP address indicating the backup ingress, 338 o Traffic Descriptor describing the traffic that the primary LSP 339 transports, this traffic is imported into the backup LSP(s) on the 340 backup ingress when the primary ingress fails, 342 o Label and Routes indicating the first hops of the primary LSP, 343 each of which is paired with its label, and 345 o Desire options on ingress protection such as P2MP option 346 indicating a desire to use a backup P2MP LSP to protect the 347 primary ingress of a primary P2MP LSP. 349 The backup ingress sends the primary ingress this object in a RESV 350 message. In this case, the object contains the information about the 351 status on the ingress protection. 353 4.1. INGRESS_PROTECTION Object 355 The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH 356 message is used to control the backup for protecting the primary 357 ingress of a primary LSP. The primary ingress MUST insert this 358 object into the PATH message to be sent to the backup ingress for 359 protecting the primary ingress. It has the following format: 361 Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IP 362 0 1 2 3 363 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 364 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 365 | Length (bytes) | Class-Num | C-Type | 366 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 | Reserved (zero) | NUB | Flags | Options | 368 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 ~ (Subobjects) ~ 370 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 NUB Number of Unprotected Branches 372 Flags 373 0x01 Ingress local protection available 374 0x02 Ingress local protection in use 375 0x04 Bandwidth protection 377 Options 378 0x01 Revert to Ingress 379 0x02 P2MP Backup 381 For protecting the ingress of a P2MP LSP, if the backup ingress 382 doesn't have a backup LSP to each of the next hops of the primary 383 ingress, it SHOULD clear "Ingress local protection available" and set 384 NUB to the number of the next hops to which there is no backup LSP. 386 The flags are used to communicate status information from the backup 387 ingress to the primary ingress. 389 o Ingress local protection available: The backup ingress MUST set 390 this flag after backup LSPs are up and ready for locally 391 protecting the primary ingress. The backup ingress sends this to 392 the primary ingress to indicate that the primary ingress is 393 locally protected. 395 o Ingress local protection in use: The backup ingress MUST set this 396 flag when it detects a failure in the primary ingress and actively 397 redirects the traffic into the backup LSPs. The backup ingress 398 records this flag and does not send any RESV message with this 399 flag to the primary ingress since the primary ingress is down. 401 o Bandwidth protection: The backup ingress MUST set this flag if the 402 backup LSPs guarantee to provide desired bandwidth for the 403 protected LSP against the primary ingress failure. 405 The options are used by the primary ingress to specify the desired 406 behavior to the backup ingress. 408 o Revert to Ingress: The primary ingress sets this option indicating 409 that the traffic for the primary LSP successfully re-signaled will 410 be switched back to the primary ingress from the backup ingress 411 when the primary ingress is restored. 413 o P2MP Backup: This option is set to ask for the backup ingress to 414 use backup P2MP LSP to protect the primary ingress. 416 The INGRESS_PROTECTION object may contain some sub objects of 417 following format: 419 0 1 2 3 420 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 421 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 422 | Type | Length |Reserved (zero)| 423 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 424 | Contents/Body of subobject | 425 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 427 where Type is the type of a sub object, Length is the total size of 428 the sub object in bytes, including Type, Length and Contents fields. 430 4.1.1. Subobject: Backup Ingress IPv4 Address 432 When the primary ingress of a protected LSP sends a PATH message with 433 an INGRESS_PROTECTION object to the backup ingress, the object MUST 434 have a Backup Ingress IPv4 Address sub object containing an IPv4 435 address belonging to the backup ingress if IPv4 is used. The Type of 436 the sub object is TBD1 (the exact number to be assigned by IANA), and 437 the body of the sub object is given below: 439 0 1 2 3 440 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 441 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 | Backup ingress IPv4 address (4 bytes) | 443 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 Backup ingress IPv4 address: An IPv4 host address of backup ingress 447 4.1.2. Subobject: Backup Ingress IPv6 Address 449 When the primary ingress of a protected LSP sends a PATH message with 450 an INGRESS_PROTECTION object to the backup ingress, the object MUST 451 have a Backup Ingress IPv6 Address sub object containing an IPv6 452 address belonging to the backup ingress if IPv6 is used. The Type of 453 the sub object is TBD2, the body of the sub object is given below: 455 0 1 2 3 456 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 458 | Backup ingress IPv6 address (16 bytes) | 459 ~ ~ 460 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 462 Backup ingress IPv6 address: An IPv6 host address of backup ingress 464 4.1.3. Subobject: Ingress IPv4 Address 466 The INGRESS_PROTECTION object may have an Ingress IPv4 Address sub 467 object containing an IPv4 address belonging to the primary ingress if 468 IPv4 is used. The Type of the sub object is TBD3. The sub object 469 has the following body: 471 0 1 2 3 472 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 474 | Ingress IPv4 address (4 bytes) | 475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 477 Ingress IPv4 address: An IPv4 host address of ingress 479 4.1.4. Subobject: Ingress IPv6 Address 481 The INGRESS_PROTECTION object may have an Ingress IPv6 Address sub 482 object containing an IPv6 address belonging to the primary ingress if 483 IPv6 is used. The Type of the sub object is TBD4. The sub object 484 has the following body: 486 0 1 2 3 487 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 488 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 489 | Ingress IPv6 address (16 bytes) | 490 ~ ~ 491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 Ingress IPv6 address: An IPv6 host address of ingress 495 4.1.5. Subobject: Traffic Descriptor 497 The INGRESS_PROTECTION object may have a Traffic Descriptor sub 498 object describing the traffic to be mapped to the backup LSP on the 499 backup ingress for locally protecting the primary ingress. The Type 500 of the sub object is TBD5, TBD6, TBD7 or TBD8 for Interface, IPv4 501 Prefix, IPv6 Prefix or Application Identifier respectively. The sub 502 object has the following body: 504 0 1 2 3 505 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 506 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 507 | Traffic Element 1 | 508 ~ ~ 509 | Traffic Element n | 510 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 512 The Traffic Descriptor sub object may contain multiple Traffic 513 Elements of same type as follows: 515 o Interface Traffic (Type TBD5): Each of the Traffic Elements is a 516 32 bit index of an interface, from which the traffic is imported 517 into the backup LSP. 519 o IPv4 Prefix Traffic (Type TBD6): Each of the Traffic Elements is 520 an IPv4 prefix, containing an 8-bit prefix length followed by an 521 IPv4 address prefix, whose length, in bits, is specified by the 522 prefix length, padded to a byte boundary. 524 o IPv6 Prefix Traffic (Type TBD7): Each of the Traffic Elements is 525 an IPv6 prefix, containing an 8-bit prefix length followed by an 526 IPv6 address prefix, whose length, in bits, is specified by the 527 prefix length, padded to a byte boundary. 529 o Application Traffic (Type TBD8): Each of the Traffic Elements is a 530 32 bit identifier of an application, from which the traffic is 531 imported into the backup LSP. 533 4.1.6. Subobject: Label-Routes 535 The INGRESS_PROTECTION object in a PATH message from the primary 536 ingress to the backup ingress may have a Label-Routes sub object 537 containing the labels and routes that the next hops of the ingress 538 use. The Type of the sub object is TBD9. The sub object has the 539 following body: 541 0 1 2 3 542 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 543 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 ~ Subobjects ~ 545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 The Subobjects in the Label-Routes are copied from those in the 548 RECORD_ROUTE objects in the RESV messages that the primary ingress 549 receives from its next hops for the primary LSP. They MUST contain 550 the first hops of the LSP, each of which is paired with its label. 552 5. Behavior of Ingress Protection 554 5.1. Overview 556 There are two different proposed signaling approaches to transfer the 557 information for ingress protection. They both use the same new 558 INGRESS_PROTECTION object. The object is sent in both PATH and RESV 559 messages. 561 5.1.1. Relay-Message Method 563 The primary ingress relays the information for ingress protection of 564 an LSP to the backup ingress via PATH messages. Once the LSP is 565 created, the ingress of the LSP sends the backup ingress a PATH 566 message with an INGRESS_PROTECTION object with Label-Routes 567 subobject, which is populated with the next-hops and labels. This 568 provides sufficient information for the backup ingress to create the 569 appropriate forwarding state and backup LSP(s). 571 The ingress also sends the backup ingress all the other PATH messages 572 for the LSP with an empty INGRESS_PROTECTION object. An 573 INGRESS_PROTECTION object without any Traffic-Descriptor sub-object 574 is called an empty INGRESS_PROTECTION object. Thus, the backup 575 ingress has access to all the PATH messages needed for modification 576 to refresh control-plane state after a failure. 578 The empty INGRESS_PROTECTION object is for efficient processing of 579 ingress protection for a P2MP LSP. For a P2MP LSP, its primary 580 ingress may have more than one PATH messages, each of which is sent 581 to a next hop along a branch of the P2MP LSP. The PATH message along 582 a branch will be selected and sent to the backup ingress with an 583 INGRESS_PROTECTION object containing the Traffic-Descriptor sub- 584 object; all the PATH messages along the other branches will be sent 585 to the backup ingress containing an INGRESS_PROTECTION object without 586 any Traffic-Descriptor sub-object (empty INGRESS_PROTECTION object). 588 For a P2MP LSP, the backup ingress only needs one Traffic-Descriptor. 590 5.1.2. Proxy-Ingress Method 592 Conceptually, a proxy ingress is created that starts the RSVP 593 signaling. The explicit path of the LSP goes from the proxy ingress 594 to the backup ingress and then to the real ingress. The behavior and 595 signaling for the proxy ingress is done by the real ingress; the use 596 of a proxy ingress address avoids problems with loop detection. Note 597 that the proxy ingress MUST reside within the same router as the real 598 ingress. 600 [ traffic source ] *** Primary LSP 601 $ $ --- Backup LSP 602 $ $ $$ Link 603 $ $ 604 [ proxy ingress ] [ backup ] 605 [ & ingress ] | 606 * | 607 *****[ MP ]----| 609 Figure 2: Example Protected LSP with Proxy Ingress Node 611 The backup ingress MUST know the merge points or next-hops and their 612 associated labels. This is accomplished by having the RSVP PATH and 613 RESV messages go through the backup ingress, although the forwarding 614 path need not go through the backup ingress. If the backup ingress 615 fails, the ingress simply removes the INGRESS_PROTECTION object and 616 forwards the PATH messages to the LSP's next-hop(s). If the ingress 617 has its LSP configured for ingress protection, then the ingress can 618 add the backup ingress and itself to the ERO and start forwarding the 619 PATH messages to the backup ingress. 621 Slightly different behavior can apply for the on-path and off-path 622 cases. In the on-path case, the backup ingress is a next hop node 623 after the ingress for the LSP. In the off-path, the backup ingress 624 is not any next-hop node after the ingress for all associated sub- 625 LSPs. 627 The key advantage of this approach is that it minimizes the special 628 handling code required. Because the backup ingress is on the 629 signaling path, it can receive various notifications. It easily has 630 access to all the PATH messages needed for modification to be sent to 631 refresh control-plane state after a failure. 633 5.2. Ingress Behavior 635 The primary ingress MUST be configured with a couple of pieces of 636 information for ingress protection. 638 o Backup Ingress Address: The primary ingress MUST know the IP 639 address of the backup ingress it wants to be used before it can 640 use the INGRESS_PROTECTION object. 642 o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The 643 Proxy-Ingress-Id is only used in the Record Route Object for 644 recording the proxy-ingress. If no proxy-ingress-id is specified, 645 then a local interface address that will not otherwise be included 646 in the Record Route Object can be used. A similar technique is 647 used in [RFC4090 Sec 6.1.1]. 649 o Application Traffic Identifier: The primary ingress and backup 650 ingress MUST both know what application traffic should be directed 651 into the LSP. If a list of prefixes in the Traffic Descriptor 652 sub-object will not suffice, then a commonly understood 653 Application Traffic Identifier can be sent between the primary 654 ingress and backup ingress. The exact meaning of the identifier 655 should be configured similarly at both the primary ingress and 656 backup ingress. The Application Traffic Identifier is understood 657 within the unique context of the primary ingress and backup 658 ingress. 660 o A connection between backup ingress and primary ingress: If there 661 is not any direct link between the primary ingress and the backup 662 ingress, a tunnel MUST be configured between them. 664 With this additional information, the primary ingress can create and 665 signal the necessary RSVP extensions to support ingress protection. 667 5.2.1. Relay-Message Method 669 To protect the primary ingress of an LSP, the primary ingress MUST do 670 the following after the LSP is up. 672 1. Select a PATH message P0 for the LSP. 674 2. If the backup ingress is off-path (the backup ingress is not the 675 next hop of the primary ingress for P0), then send it a PATH 676 message P0' with the content from P0 and an INGRESS_PROTECTION 677 object; else (the backup ingress is a next hop, i.e., on-path 678 case) add an INGRESS_PROTECTION object into the existing PATH 679 message to the backup ingress (i.e., the next hop). The object 680 contains the Traffic-Descriptor sub-object, the Backup Ingress 681 Address sub-object and the Label-Routes sub-object. The options 682 is set to indicate whether a Backup P2MP LSP is desired. The 683 Label-Routes sub-object contains the next-hops of the primary 684 ingress and their labels. Note that for on-path case, there is 685 an existing PATH message to the backup ingress (i.e., the next 686 hop), and we just add an INGRESS_PROTECTION object into the 687 existing PATH message to be sent to the backup ingress. We do 688 not send a separate PATH message to the backup ingress for this 689 existing PATH message. 691 3. For each Pi of the other PATH messages for the LSP, send the 692 backup ingress a PATH message Pi' with the content copied from Pi 693 and an empty INGRESS_PROTECTION object. 695 For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup 696 ingress, it has the same SESSION as Pj (i.e., P0/Pi). If the backup 697 ingress is off-path, the primary ingress updates Pj' according to the 698 backup ingress as its next hop before sending it. It adds the backup 699 ingress to the beginning of the ERO, and sets RSVP_HOP based on the 700 interface to the backup ingress. The primary ingress MUST NOT set up 701 any forwarding state to the backup ingress if the backup ingress is 702 off-path. 704 5.2.2. Proxy-Ingress Method 706 The primary ingress is responsible for starting the RSVP signaling 707 for the proxy-ingress node. To do this, the following MUST be done 708 for the RSVP PATH message. 710 1. Compute the EROs for the LSP as normal for the ingress. 712 2. If the selected backup ingress node is not the first node on the 713 path (for all sub-LSPs), then insert at the beginning of the ERO 714 first the backup ingress node and then the ingress node. 716 3. In the PATH RRO, instead of recording the ingress node's address, 717 replace it with the Proxy-Ingress-Id. 719 4. Leave the HOP object populated as usual with information for the 720 ingress-node. 722 5. Add the INGRESS_PROTECTION object to the PATH message. Include 723 the Backup Ingress Address (IPv4 or IPv6) sub-object and the 724 Traffic-Descriptor sub-object. Set or clear the options 725 indicating that a Backup P2MP LSP is desired. 727 6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path 728 message. Indicate whether one-to-one backup is desired. 730 Indicate whether facility backup is desired. 732 7. The RSVP PATH message is sent to the backup node as normal. 734 If the ingress detects that it can't communicate with the backup 735 ingress, then the ingress SHOULD instead send the PATH message to the 736 next-hop indicated in the ERO computed in step 1. Once the ingress 737 detects that it can communicate with the backup ingress, the ingress 738 SHOULD follow the steps 1-7 to obtain ingress failure protection. 740 When the ingress node receives an RSVP PATH message with an 741 INGRESS_PROTECTION object and the object specifies that node as the 742 ingress node and the PHOP as the backup ingress node, the ingress 743 node SHOULD remove the INGRESS_PROTECTION object from the PATH 744 message before sending it out. Additionally, the ingress node MUST 745 store that it will install ingress forwarding state for the LSP 746 rather than midpoint forwarding. 748 When an RSVP RESV message is received by the ingress, it uses the 749 NHOP to determine whether the message is received from the backup 750 ingress or from a different node. The stored associated PATH message 751 contains an INGRESS_PROTECTION object that identifies the backup 752 ingress node. If the RESV message is not from the backup node, then 753 ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION 754 object MUST be added to the RESV before it is sent to the NHOP, which 755 SHOULD be the backup node. If the RESV message is from the backup 756 node, then the LSP SHOULD be considered available for use. 758 If the backup ingress node is on the forwarding path, then a RESV is 759 received with an INGRESS_PROTECTION object and an NHOP that matches 760 the backup ingress. In this case, the ingress node's address will 761 not appear after the backup ingress in the RRO. The ingress node 762 SHOULD set up ingress forwarding state, just as is done if the LSP 763 weren't ingress-node protected. 765 5.3. Backup Ingress Behavior 767 An LER determines that the ingress local protection is requested for 768 an LSP if the INGRESS_PROTECTION object is included in the PATH 769 message it receives for the LSP. The LER can further determine that 770 it is the backup ingress if one of its addresses is in the Backup 771 Ingress Address sub-object of the INGRESS_PROTECTION object. The LER 772 as the backup ingress will assume full responsibility of the ingress 773 after the primary ingress fails. In addition, the LER determines 774 that it is off-path if it is not any node of the LSP. The LER 775 determines whether it uses Relay-Message Method or Proxy-Ingress 776 Method according to configurations. 778 5.3.1. Backup Ingress Behavior in Off-path Case 780 The backup ingress considers itself as a PLR and the primary ingress 781 as its next hop and provides a local protection for the primary 782 ingress. It behaves very similarly to a PLR providing fast-reroute 783 where the primary ingress is considered as the failure-point to 784 protect. Where not otherwise specified, the behavior given in 785 [RFC4090] for a PLR applies. 787 The backup ingress MUST follow the control-options specified in the 788 INGRESS_PROTECTION object and the flags and specifications in the 789 FAST-REROUTE object. This applies to providing a P2MP backup if the 790 "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is 791 set, facility backup if the "facility backup desired" is set, and 792 backup paths that support the desired bandwidth, and administrative 793 groups that are requested. 795 If multiple non empty INGRESS_PROTECTION objects have been received 796 via multiple PATH messages for the same LSP, then the most recent one 797 MUST be the one used. 799 The backup ingress creates the appropriate forwarding state for the 800 backup LSP tunnel(s) to the merge point(s). 802 When the backup ingress sends a RESV message to the primary ingress, 803 it MUST add an INGRESS_PROTECTION object into the message. It MUST 804 set or clear the flags in the object to report "Ingress local 805 protection available", "Ingress local protection in use", and 806 "bandwidth protection". 808 If the backup ingress doesn't have a backup LSP tunnel to each of the 809 merge points, it SHOULD clear "Ingress local protection available" 810 and set NUB to the number of the merge points to which there is no 811 backup LSP. 813 When the primary ingress fails, the backup ingress redirects the 814 traffic from a source into the backup P2P LSPs or the backup P2MP LSP 815 transmitting the traffic to the next hops of the primary ingress, 816 where the traffic is merged into the protected LSP. 818 In this case, the backup ingress MUST keep the PATH message with the 819 INGRESS_PROTECTION object received from the primary ingress and the 820 RESV message with the INGRESS_PROTECTION object to be sent to the 821 primary ingress. The backup ingress MUST set the "local protection 822 in use" flag in the RESV message, indicating that the backup ingress 823 is actively redirecting the traffic into the backup P2P LSPs or the 824 backup P2MP LSP for locally protecting the primary ingress failure. 826 Note that the RESV message with this piece of information will not be 827 sent to the primary ingress because the primary ingress has failed. 829 If the backup ingress has not received any PATH message from the 830 primary ingress for an extended period of time (e.g., a cleanup 831 timeout interval) and a confirmed primary ingress failure did not 832 occur, then the standard RSVP soft-state removal SHOULD occur. The 833 backup ingress SHALL remove the state for the PATH message from the 834 primary ingress, and tear down the one-to-one backup LSPs for 835 protecting the primary ingress if one-to-one backup is used or unbind 836 the facility backup LSPs if facility backup is used. 838 When the backup ingress receives a PATH message from the primary 839 ingress for locally protecting the primary ingress of a protected 840 LSP, it MUST check to see if any critical information has been 841 changed. If the next hops of the primary ingress are changed, the 842 backup ingress SHALL update its backup LSP(s) accordingly. 844 5.3.1.1. Relay-Message Method 846 When the backup ingress receives a PATH message with an non empty 847 INGRESS_PROTECTION object, it examines the object to learn what 848 traffic associated with the LSP. It determines the next-hops to be 849 merged to by examining the Label-Routes sub-object in the object. 851 The backup ingress MUST store the PATH message received from the 852 primary ingress, but NOT forward it. 854 The backup ingress responds with a RESV message to the PATH message 855 received from the primary ingress. If the backup ingress is off- 856 path, the LABEL object in the RESV message contains IMPLICIT-NULL. 857 If the INGRESS_PROTECTION object is not "empty", the backup ingress 858 SHALL send the RESV message with the state indicating protection is 859 available after the backup LSP(s) are successfully established. 861 5.3.1.2. Proxy-Ingress Method 863 The backup ingress determines the next-hops to be merged to by 864 collecting the set of the pair of (IPv4/IPv6 sub-object, Label sub- 865 object) from the Record Route Object of each RESV that are closest to 866 the top and not the Ingress router; this should be the second to the 867 top pair. If a Label-Routes sub-object is included in the 868 INGRESS_PROTECTION object, the included IPv4/IPv6 sub-objects are 869 used to filter the set down to the specific next-hops where 870 protection is desired. A RESV message MUST have been received before 871 the Backup Ingress can create or select the appropriate backup LSP. 873 When the backup ingress receives a PATH message with the 874 INGRESS_PROTECTION object, the backup ingress examines the object to 875 learn what traffic associated with the LSP. The backup ingress 876 forwards the PATH message to the ingress node with the normal RSVP 877 changes. 879 When the backup ingress receives a RESV message with the 880 INGRESS_PROTECTION object, the backup ingress records an IMPLICIT- 881 NULL label in the RRO. Then the backup ingress forwards the RESV 882 message to the ingress node, which is acting for the proxy ingress. 884 5.3.2. Backup Ingress Behavior in On-path Case 886 An LER as the backup ingress determines that it is on-path if one of 887 its addresses is a next hop of the primary ingress (and for Proxy- 888 Ingress Method the primary ingress is not its next hop via checking 889 the PATH message with the INGRESS_PROTECTION object received from the 890 primary ingress). The LER on-path MUST send the corresponding PATH 891 messages without any INGRESS_PROTECTION object to its next hops. It 892 creates a number of backup P2P LSPs or a backup P2MP LSP from itself 893 to the other next hops (i.e., the next hops other than the backup 894 ingress) of the primary ingress. The other next hops are from the 895 Label-Routes sub object. 897 It also creates a forwarding entry, which sends/multicasts the 898 traffic from the source to the next hops of the backup ingress along 899 the protected LSP when the primary ingress fails. The traffic is 900 described by the Traffic-Descriptor. 902 After the forwarding entry is created, all the backup P2P LSPs or the 903 backup P2MP LSP is up and associated with the protected LSP, the 904 backup ingress MUST send the primary ingress the RESV message with 905 the INGRESS_PROTECTION object containing the state of the local 906 protection such as "local protection available" flag set to one, 907 which indicates that the primary ingress is locally protected. 909 When the primary ingress fails, the backup ingress sends/multicasts 910 the traffic from the source to its next hops along the protected LSP 911 and imports the traffic into each of the backup P2P LSPs or the 912 backup P2MP LSP transmitting the traffic to the other next hops of 913 the primary ingress, where the traffic is merged into protected LSP. 915 During the local repair, the backup ingress MUST continue to send the 916 PATH messages to its next hops as before, keep the PATH message with 917 the INGRESS_PROTECTION object received from the primary ingress and 918 the RESV message with the INGRESS_PROTECTION object to be sent to the 919 primary ingress. It MUST set the "local protection in use" flag in 920 the RESV message. 922 5.3.3. Failure Detection and Refresh PATH Messages 924 As described in [RFC4090], it is necessary to refresh the PATH 925 messages via the backup LSP(s). The Backup Ingress MUST wait to 926 refresh the PATH messages until it can accurately detect that the 927 ingress node has failed. An example of such an accurate detection 928 would be that the IGP has no bi-directional links to the ingress node 929 or a BFD session to the primary ingress' loopback address has failed 930 and stayed failed after the network has reconverged. 932 As described in [RFC4090 Section 6.4.3], the backup ingress, acting 933 as PLR, MUST modify and send any saved PATH messages associated with 934 the primary LSP to the corresponding next hops through backup LSP(s). 935 Any PATH message sent will not contain any INGRESS_PROTECTION object. 936 The RSVP_HOP object in the message contains an IP source address 937 belonging to the backup ingress. The sender template object has the 938 backup ingress address as its tunnel sender address. 940 5.4. Revertive Behavior 942 Upon a failure event in the (primary) ingress of a protected LSP, the 943 protected LSP is locally repaired by the backup ingress. There are a 944 couple of basic strategies for restoring the LSP to a full working 945 path. 947 - Revert to Primary Ingress: When the primary ingress is restored, 948 it re-signals each of the LSPs that start from the primary 949 ingress. The traffic for every LSP successfully re-signaled is 950 switched back to the primary ingress from the backup ingress. 952 - Global Repair by Backup Ingress: After determining that the 953 primary ingress of an LSP has failed, the backup ingress computes 954 a new optimal path, signals a new LSP along the new path, and 955 switches the traffic to the new LSP. 957 5.4.1. Revert to Primary Ingress 959 If "Revert to Primary Ingress" is desired for a protected LSP, the 960 (primary) ingress of the LSP SHOULD re-signal the LSP that starts 961 from the primary ingress after the primary ingress restores. After 962 the LSP is re-signaled successfully, the traffic SHOULD be switched 963 back to the primary ingress from the backup ingress on the source 964 node and redirected into the LSP starting from the primary ingress. 966 The primary ingress can specify the "Revert to Ingress" control- 967 option in the INGRESS_PROTECTION object in the PATH messages to the 968 backup ingress. After receiving the "Revert to Ingress" control- 969 option, the backup ingress MUST stop sending/refreshing PATH messages 970 for the protected LSP. 972 5.4.2. Global Repair by Backup Ingress 974 When the backup ingress has determined that the primary ingress of 975 the protected LSP has failed (e.g., via the IGP), it can compute a 976 new path and signal a new LSP along the new path so that it no longer 977 relies upon local repair. To do this, the backup ingress MUST use 978 the same tunnel sender address in the Sender Template Object and 979 allocate a LSP ID different from the one of the old LSP as the LSP-ID 980 of the new LSP. This allows the new LSP to share resources with the 981 old LSP. Alternately, the Backup Ingress can create a new LSP with 982 no bandwidth reservation that duplicates the path(s) of the protected 983 LSP, move traffic to the new LSP, delete the protected LSP, and then 984 resignal the new LSP with bandwidth. 986 6. Security Considerations 988 In principle this document does not introduce new security issues. 989 The security considerations pertaining to RFC 4090, RFC 4875, RFC 990 2205 and RFC 3209 remain relevant. 992 7. Compatibility 994 This extension reuses and extends semantics and procedures defined in 995 RFC 2205, RFC 3209, RFC 4090 and RFC 4875 to support ingress 996 protection. One new object is defined to indicate ingress protection 997 with class numbers in the form 0bbbbbbb. Per RFC 2205, a node not 998 supporting this extension will not recognize the new class number and 999 should respond with an "Unknown Object Class" error. The error 1000 message will propagate to the ingress, which can then take action to 1001 avoid the incompatible node as a backup ingress or may simply 1002 terminate the session. 1004 8. IANA Considerations 1006 This document defines one new object to indicate ingress protection. 1008 - INGRESS_PROTECTION 1010 The assignment of a new Class Name and corresponding 8-bit Class 1011 Number data object in an RSVP message is defined in ([RFC3936]) with 1012 ranges for Standards Action, Expert Review, and Reserved for Private 1013 Use. The Private Use ranges can be used for experimental use, they 1014 will not be registered with IANA and MUST NOT be mentioned by RFCs. 1016 It is suggested to use the following Private Use range: 1018 o 124-127 Reserved for Private Use 1020 It is for an experimental implementation to choose a value from the 1021 Private Use range, and to agree with cooperating implementations 1022 participating in the same experiments what values to use. 1024 Within each object class, there is an 8-bit Class Type (also known as 1025 a C-Type). The following list is a suggested registry for use by 1026 experiments: 1028 Value Name Definition 1029 ----- ---- ---------- 1030 0 Reserved 1031 1 BACKUP_INGRESS_IPv4_ADDRESS Section 4.1.1 1032 2 BACKUP_INGRESS_IPv6_ADDRESS Section 4.1.2 1033 3 INGRESS_IPv4_ADDRESS Section 4.1.3 1034 4 INGRESS_IPv6_ADDRESS Section 4.1.4 1035 5 TRAFFIC_DESCRIPTOR_INTERFACE Section 4.1.5 1036 6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX Section 4.1.5 1037 7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX Section 4.1.5 1038 8 TRAFFIC_DESCRIPTOR_APPLICATION Section 4.1.5 1039 9 LABEL_ROUTES Section 4.1.6 1040 10-127 Unassigned 1041 128-255 Reserved 1043 9. Co-authors and Contributors 1045 1. Co-authors 1047 Autumn Liu 1048 Ciena 1049 USA 1050 Email: hliu@ciena.com 1052 Zhenbin Li 1053 Huawei Technologies 1054 Email: zhenbin.li@huawei.com 1055 Yimin Shen 1056 Juniper Networks 1057 10 Technology Park Drive 1058 Westford, MA 01886 1059 USA 1060 Email: yshen@juniper.net 1062 Tarek Saad 1063 Cisco Systems 1064 Email: tsaad@cisco.com 1066 Fengman Xu 1067 Verizon 1068 2400 N. Glenville Dr 1069 Richardson, TX 75082 1070 USA 1071 Email: fengman.xu@verizon.com 1073 2. Contributors 1075 Ning So 1076 Tata Communications 1077 2613 Fairbourne Cir. 1078 Plano, TX 75082 1079 USA 1080 Email: ningso01@gmail.com 1082 Mehmet Toy 1083 Verizon 1084 USA 1085 Email: mehmet.toy@verizon.com 1087 Lei Liu 1088 USA 1089 Email: liulei.kddi@gmail.com 1090 Renwei Li 1091 Huawei Technologies 1092 2330 Central Expressway 1093 Santa Clara, CA 95050 1094 USA 1095 Email: renwei.li@huawei.com 1097 Quintin Zhao 1098 Huawei Technologies 1099 Boston, MA 1100 USA 1101 Email: quintin.zhao@huawei.com 1103 Boris Zhang 1104 Telus Communications 1105 200 Consilium Pl Floor 15 1106 Toronto, ON M1H 3J3 1107 Canada 1108 Email: Boris.Zhang@telus.com 1110 Markus Jork 1111 Juniper Networks 1112 10 Technology Park Drive 1113 Westford, MA 01886 1114 USA 1115 Email: mjork@juniper.net 1117 10. Acknowledgement 1119 The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric 1120 Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia 1121 Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath, 1122 Gregory Mirsky, and Ronhazli Adam for their valuable comments and 1123 suggestions on this draft. 1125 11. References 1126 11.1. Normative References 1128 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1129 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 1130 RFC2119, March 1997, 1131 . 1133 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 1134 Label Switching Architecture", RFC 3031, DOI 10.17487/ 1135 RFC3031, January 2001, 1136 . 1138 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., 1139 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP 1140 Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001, 1141 . 1143 [RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast 1144 Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090, 1145 DOI 10.17487/RFC4090, May 2005, 1146 . 1148 [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. 1149 Yasukawa, Ed., "Extensions to Resource Reservation 1150 Protocol - Traffic Engineering (RSVP-TE) for Point-to- 1151 Multipoint TE Label Switched Paths (LSPs)", RFC 4875, 1152 DOI 10.17487/RFC4875, May 2007, 1153 . 1155 11.2. Informative References 1157 [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, 1158 N., and A. Fulignoli, Ed., "MPLS Transport Profile 1159 (MPLS-TP) Linear Protection", RFC 6378, DOI 10.17487/ 1160 RFC6378, October 2011, 1161 . 1163 Authors' Addresses 1165 Huaimo Chen (editor) 1166 Huawei Technologies 1167 Boston, MA 1168 USA 1170 Email: huaimo.chen@huawei.com 1171 Raveendra Torvi (editor) 1172 Juniper Networks 1173 10 Technology Park Drive 1174 Westford, MA 01886 1175 USA 1177 Email: rtorvi@juniper.net