idnits 2.17.1 draft-morin-bess-mvpn-fast-failover-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: When signaling state for a P2MP TE LSP is removed (e.g. if the ingress of the P2MP TE LSP sends a PathTear message) or the P2MP TE LSP changes state from up to down as determined by procedures in [RFC4875], the status of the corresponding P-Tunnel SHOULD be re-evaluated. If the P-Tunnel transitions from up to down state, the upstream PE, that is the ingress of the P-Tunnel, SHOULD not be considered a valid UMH. -- The document date (October 24, 2014) is 3473 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-19) exists of draft-ietf-bfd-multipoint-04 == Outdated reference: A later version (-08) exists of draft-ietf-rtgwg-mofrr-04 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group T. Morin, Ed. 2 Internet-Draft Orange 3 Intended status: Standards Track R. Kebler, Ed. 4 Expires: April 27, 2015 Y. Rekhter 5 R. Qiu 6 Juniper Networks 7 R. Aggarwal 8 Arktan 9 W. Henderickx 10 P. Muley 11 Alcatel-Lucent 12 October 24, 2014 14 Multicast VPN fast upstream failover 15 draft-morin-bess-mvpn-fast-failover-00 17 Abstract 19 This document defines multicast VPN extensions and procedures that 20 allow fast failover for upstream failures, by allowing downstream PEs 21 to take into account the status of Provider-Tunnels (P-tunnels) when 22 selecting the upstream PE for a VPN multicast flow, and extending BGP 23 MVPN routing so that a C-multicast route can be advertized toward a 24 standby upstream PE. 26 Requirements Language 28 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 29 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 30 document are to be interpreted as described in RFC 2119 [RFC2119]. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on April 27, 2015. 49 Copyright Notice 51 Copyright (c) 2014 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 3. UMH Selection based on tunnel status . . . . . . . . . . . . 3 69 3.1. Determining the status of a tunnel . . . . . . . . . . . 4 70 3.1.1. mVPN tunnel root tracking . . . . . . . . . . . . . . 5 71 3.1.2. PE-P Upstream link status . . . . . . . . . . . . . . 5 72 3.1.3. P2MP RSVP-TE tunnels . . . . . . . . . . . . . . . . 5 73 3.1.4. Leaf-initiated P-tunnels . . . . . . . . . . . . . . 6 74 3.1.5. P2MP LSP OAM . . . . . . . . . . . . . . . . . . . . 6 75 3.1.6. (S,G) counter information . . . . . . . . . . . . . . 6 76 3.1.7. BFD Discriminator . . . . . . . . . . . . . . . . . . 7 77 3.1.8. Per PE-CE link BFD Discriminator . . . . . . . . . . 7 78 4. Standby C-multicast route . . . . . . . . . . . . . . . . . . 8 79 4.1. Downstream PE behavior . . . . . . . . . . . . . . . . . 8 80 4.2. Upstream PE behavior . . . . . . . . . . . . . . . . . . 9 81 4.3. Reachability determination . . . . . . . . . . . . . . . 10 82 4.4. Inter-AS . . . . . . . . . . . . . . . . . . . . . . . . 11 83 4.4.1. Inter-AS procedures for downstream PEs, ASBR fast 84 failover . . . . . . . . . . . . . . . . . . . . . . 11 85 4.4.2. Inter-AS procedures for ASBRs . . . . . . . . . . . . 11 86 5. Hot leaf standby . . . . . . . . . . . . . . . . . . . . . . 12 87 6. Duplicate packets . . . . . . . . . . . . . . . . . . . . . . 13 88 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 89 8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 90 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 91 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 92 10.1. Normative References . . . . . . . . . . . . . . . . . . 13 93 10.2. Informative References . . . . . . . . . . . . . . . . . 14 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 96 1. Introduction 98 In the context of multicast in BGP/MPLS VPNs, it is desirable to 99 provide mechanisms allowing fast recovery of connectivity on 100 different types of failures. This document addresses failures of 101 elements in the provider network that are upstream of PEs connected 102 to VPN sites with receivers. 104 The sections 3 and 4 describe two independent mechanisms, allowing 105 different levels of resiliency, and providing different failure 106 coverage: 108 o Section 3 describes local procedures allowing an egress PE (a PE 109 connected to a receiver site) to take into account the status of 110 P-Tunnels to determine the Upstream Multicast Hop (UMH) for a 111 given (C-S, C-G). This method does not provide a "fast failover" 112 solution when used alone, but can be used with the following 113 sections for a "fast failover" solution. 115 o Section 4 describes protocol extensions that can speed up failover 116 by not requiring any multicast VPN routing message exchange at 117 recovery time. 119 Moreover, section 5 describes a "hot leaf standby" mechanism, that 120 uses a combination of these two mechanisms. This approach has 121 similarities with the solution described in [I-D.mofrr] to improve 122 failover times when PIM routing is used in a network given some 123 topology and metric constraints. 125 2. Terminology 127 The terminology used in this document is the terminology defined in 128 [RFC6513] and [RFC6514]. 130 3. UMH Selection based on tunnel status 132 Current multicast VPN specifications [RFC6513], section 5.1, describe 133 the procedures used by a multicast VPN downstream PE to determine 134 what the upstream multicast hop (UMH) is for a said (C-S,C-G). 136 The procedure described here is an OPTIONAL procedure that consist in 137 having a downstream PE take into account the status of P-tunnels 138 rooted at each possible upstream PEs, for including or not including 139 each said PE in the list of candidate UMHs for a said (C-S,C-G) 140 state. The result is that, if a P-tunnel is "down" (see 141 Section 3.1), the PE that is the root of the P-Tunnel will not be 142 considered for UMH selection, which will result in the downstream PE 143 to failover to the upstream PE which is next in the list of 144 candidates. 146 A downstream PE monitors the status of the tunnels of UMHs that are 147 ahead of the current one. Whenever the downstream PE determines that 148 one of these tunnels is no longer "known to down", the PE selects the 149 UMH corresponding to that as the new UMH. 151 More precisely, UMH determination for a said (C-S,C-G) will consider 152 the UMH candidates in the following order: 154 o first, the UMH candidates that either (a) advertise a PMSI bound 155 to a tunnel, where the specified tunnel is not known to be down or 156 (b) do not advertise any I- or S- PMSI applicable to the said 157 (C-S,C-G) but have associated a VRF Route Import BGP attribute to 158 the unicast VPN route for S (this is necessary to avoid 159 considering invalid some UMH PEs that use a policy where no I-PMSI 160 is advertized for a said VRF and where only S-PMSI are used, the 161 S-PMSI advertisement being possibly done only after the upstream 162 PE receives a C-multicast route for (C-S, C-G)/(C-*, C-G) to be 163 carried over the advertized S-PMSI) 165 o second, the UMH candidates that advertise a PMSI bound to a tunnel 166 that is "down" -- these will thus be used as a last resort to 167 ensure a graceful fallback to the basic MVPN UMH selection 168 procedures in the hypothetical case where a false negative would 169 occur when determining the status of all tunnels 171 For a said downstream PE and a said VRF, the P-tunnel corresponding 172 to a said upstream PE for a said (C-S,C-G) state is the S-PMSI tunnel 173 advertized by that upstream PE for this (C-S,C-G) and imported into 174 that VRF, or if there isn't any such S-PMSI, the I-PMSI tunnel 175 advertized by that PE and imported into that VRF. 177 Note that this documents assumes that if a site of a given MVPN that 178 contains C-S is dual-homed to two PEs, then all the other sites of 179 that MVPN would have two unicast VPN routes (VPN-IPv4 or VPN-IPv6) 180 routes to C-S, each with its own RD. 182 3.1. Determining the status of a tunnel 184 Different factors can be considered to determine the "status" of a 185 P-tunnel and are described in the following sub-sections. The 186 procedure proposed here also allows that all downstream PEs don't 187 apply the same rules to define what the status of a P-tunnel is 188 (please see Section 6), and some of them will produce a result that 189 may be different for different downstream PEs. Thus what is called 190 the "status" of a P-tunnel in this section, is not a characteristic 191 of the tunnel in itself, but is the status of the tunnel, *as seen 192 from a particular downstream PE*. Additionally, some of the 193 following methods determine the ability of downstream PE to receive 194 traffic on the P-tunnel and not specifically on the status of the 195 P-tunnel itself. This could be referred to as "P-tunnel reception 196 status", but for simplicity, we will use the terminology of P-tunnel 197 "status" for all of these methods. 199 Depending on the criteria used to determine the status of a P-tunnel, 200 there may be an interaction with other resiliency mechanism used for 201 the P-tunnel itself, and the UMH update may happen immediately or may 202 need to be delayed. Each particular case is covered in each separate 203 sub-section below. 205 3.1.1. mVPN tunnel root tracking 207 A condition to consider that the status of a P-tunnel is up is that 208 the root of the tunnel, as determined in the PMSI tunnel attribute, 209 is reachable through unicast routing tables. In this case the 210 downstream PE can immediately update its UMH when the reachability 211 condition changes. 213 This is similar to BGP next-hop tracking for VPN routes, except that 214 the address considered is not the BGP next-hop address, but the root 215 address in the PMSI tunnel attribute. 217 If BGP next-hop tracking is done for VPN routes, and the root address 218 of a said tunnel happens to be the same as the next-hop address in 219 the BGP autodiscovery route advertising the tunnel, then this 220 mechanisms may be omitted for this tunnel, as it will not bring any 221 specific benefit. 223 3.1.2. PE-P Upstream link status 225 A condition to consider a tunnel status as up can be that the last- 226 hop link of the P-tunnel is up. 228 This method should not be used when there is a fast restoration 229 mechanism (such as MPLS FRR [RFC4090]) in place for the link. 231 3.1.3. P2MP RSVP-TE tunnels 233 For P-Tunnels of type P2MP MPLS-TE, the status of the P-Tunnel is 234 considered up if one or more of the P2MP RSVP-TE LSPs, identified by 235 the P-Tunnel Attribute, are in up state. The determination of 236 whether a P2MP RSVP-TE LSP is in up state requires Path and Resv 237 state for the LSP and is based on procedures in [RFC4875]. In this 238 case the downstream PE can immediately update its UMH when the 239 reachability condition changes. 241 When signaling state for a P2MP TE LSP is removed (e.g. if the 242 ingress of the P2MP TE LSP sends a PathTear message) or the P2MP TE 243 LSP changes state from up to down as determined by procedures in 244 [RFC4875], the status of the corresponding P-Tunnel SHOULD be re- 245 evaluated. If the P-Tunnel transitions from up to down state, the 246 upstream PE, that is the ingress of the P-Tunnel, SHOULD not be 247 considered a valid UMH. 249 3.1.4. Leaf-initiated P-tunnels 251 A PE can be removed from the UMH candidate list for a said (S,G) if 252 the P-tunnel for this S,G (I or S , depending) is leaf triggered 253 (PIM, mLDP), but for some reason internal to the protocol the 254 upstream one-hop branch of the tunnel from P to PE cannot be built. 255 In this case the downstream PE can immediately update its UMH when 256 the reachability condition changes. 258 3.1.5. P2MP LSP OAM 260 When a P2MP connectivity verification mechanism such as 261 [I-D.ietf-bfd-multipoint] used in conjunction with bootstrapping 262 mechanisms described in [I-D.ietf-mpls-mcast-cv] has been setup for a 263 tunnel, the result of the connectivity verification can be used to 264 define the status of the tree. 266 If a MultipointHead session has been established on a P2MP MPLS LSP 267 so that BFD packets are periodically sent from the root toward 268 leaves, a condition to consider the status of corresponding tunnel as 269 up is that the BFD SessionState is Up. 271 When such a procedure is used, in context where fast restoration 272 mechanisms are used for the P-tunnels, downstream PEs should be 273 configured to wait before updating the UMH, to let the P-tunnel 274 restoration mechanism happen. A configurable timer MUST be provided 275 for this purpose, and it is recommended to provide a reasonable 276 default value for this timer. 278 3.1.6. (S,G) counter information 280 In cases, where the downstream node can be configured so that the 281 maximum inter-packet time is known for all the multicast flows mapped 282 on a P-tunnel, the local per-(C-S,C-G) traffic counter information 283 for traffic received on this P-tunnel can be used to determine the 284 status of the P-tunnel. 286 When such a procedure is used, in context where fast restoration 287 mechanisms are used for the P-tunnels, downstream PEs should be 288 configured to wait before updating the UMH, to let the P-tunnel 289 restoration mechanism happen. A configurable timer MUST be provided 290 for this purpose, and it is recommended to provide a reasonable 291 default value for this timer. 293 This method can be applicable for instance when a (S,G) flow is 294 mapped on an S-PMSI. 296 In cases where this mechanism is used in conjunction with 297 Hot leaf standby, then no prior knowledge of the rate of the 298 multicast streams is required ; downstream PEs can compare reception 299 on the two P-tunnels to determine when one of them is down. 301 3.1.7. BFD Discriminator 303 P-tunnel status can be derived from the status of a BFD session whose 304 discriminator is advertized along with an x-PMSI A-D route. See 305 [I-D.jain-mvpn-bfd-fast-upstream-failover]. 307 3.1.8. Per PE-CE link BFD Discriminator 309 The following approach is proposed for fast failover on PE-CE link 310 failures, in which UMH selection for a said (S,G) takes into account 311 the state of a BFD session dedicated to the state of the upstream PE- 312 CE link. 314 If this approach is enabled: 316 o each upstream PE: for each PE-CE link for which this protection is 317 wanted, initiates a multipoint BFD session toward downstream PEs, 318 with a trigger causing such a session to be torn down if the 319 associated PE-CE link is detected as down. 321 o each upstream PE: for each prefix of a PE-CE link for which 322 protection is wanted, advertizes a wildcard S-PMSI covering the 323 sources inside this prefix, and signals along with this S-PMSI the 324 multipoint BFD session discriminator associated with the PE-CE 325 link relying on procedures in 326 [I-D.jain-mvpn-bfd-fast-upstream-failover]. (note that all these 327 S-PMSIs can perfectly use the same P-tunnel) 329 o each downstream PE: if an S-PMSI bound to a said (S,G) is signaled 330 with a multipoint BFD session, then the upstream PE is considered 331 during UMH selection for (S,G) if and only if the corresponding 332 BFD session is up. Whenever the BFD session goes down the S-PMSI 333 P-tunnel will be considered down and the downstream PE will switch 334 to the backup P-tunnel. Note that the P-tunnel is considered down 335 only for the (S,G) states that match to an S-PMSI signaling the 336 BFD discriminator of a BFD session which is down 338 4. Standby C-multicast route 340 The procedures described below are limited to the case where the site 341 that contains C-S is connected to exactly two PEs. The procedures 342 require all the PEs of that MVPN to follow the single forwarder PE 343 selection, as specified in [RFC6513]. The procedures assume that if 344 a site of a given MVPN that contains C-S is dual-homed to two PEs, 345 then all the other sites of that MVPN would have two unicast VPN 346 routes (VPN-IPv4 or VPN-IPv6) routes to C-S, each with its own RD. 348 As long as C-S is reachable via both PEs, a said downstream PE will 349 select one of the PEs connected to C-S as its Upstream PE with 350 respect to C-S. We will refer to the other PE connected to C-S as 351 the "Standby Upstream PE". Note that if the connectivity to C-S 352 through the Primary Upstream PE becomes unavailable, then the PE will 353 select the Standby Upstream PE as its Upstream PE with respect to 354 C-S. 356 For readability, in the following sub-sections, the procedures are 357 described for BGP C-multicast Source Tree Join routes, but they apply 358 equally to BGP C-multicast Shared Tree Join routes failover for the 359 case where the customer RP is dual-homed (substitute "C-RP" to 360 "C-S"). 362 4.1. Downstream PE behavior 364 When a (downstream) PE connected to some site of an MVPN needs to 365 send a C-multicast route (C-S, C-G), then following the procedures 366 specified in Section "Originating C-multicast routes by a PE" of 367 [RFC6514] the PE sends the C-multicast route with RT that identifies 368 the Upstream PE selected by the PE originating the route. As long as 369 C-S is reachable via the Primary Upstream PE, the Upstream PE is the 370 Primary Upstream PE. If C-S is reachable only via the Standby 371 Upstream PE, then the Upstream PE is the Standby Upstream PE. 373 If C-S is reachable via both the Primary and the Standby Upstream PE, 374 then in addition to sending the C-multicast route with an RT that 375 identifies the Primary Upstream PE, the PE also originates and sends 376 a C-multicast route with an RT that identifies the Standby Upstream 377 PE. This route, that has the semantic of being a 'standby' 378 C-multicast route, is further called a "Standby BGP C-multicast 379 route", and is constructed as follows: 381 o the NLRI is constructed as the original C-multicast route, except 382 that the RD is the same as if the C-multicast route was built 383 using the standby PE as the UMH (it will carry the RD associated 384 to the unicast VPN route advertized by the standby PE for S) 386 o SHOULD carry the "Standby PE" BGP Community (this is a new BGP 387 Community, see Section 7) 389 The normal and the standby C-multicast routes must have their Local 390 Preference attribute adjusted so that, if two C-multicast routes with 391 same NLRI are received by a BGP peer, one carrying the "Standby PE" 392 attribute and the other one *not* carrying the "Standby PE" 393 community, then preference is given to the one *not* carrying the 394 "Standby PE" attribute. Such a situation can happen when, for 395 instance due to transient unicast routing inconsistencies, two 396 different downstream PEs consider different upstream PEs to be the 397 primary one ; in that case, without any precaution taken, both 398 upstream PEs would process a standby C-multicast route and possibly 399 stop forwarding at the same time. For this purpose a Standby BGP 400 C-multicast route MUST have the LOCAL_PREF attribute set to zero. 402 Note that, when a PE advertizes such a Standby C-multicast join for 403 an (S,G) it must join the corresponding P-tunnel. 405 If at some later point the local PE determines that C-S is no longer 406 reachable through the Primary Upstream PE, the Standby Upstream PE 407 becomes the Upstream PE, and the local PE re-sends the C-multicast 408 route with RT that identifies the Standby Upstream PE, except that 409 now the route does not carry the Standby PE BGP Community (which 410 results in replacing the old route with a new route, with the only 411 difference between these routes being the presence/absence of the 412 Standby PE BGP Community). 414 4.2. Upstream PE behavior 416 When a PE receives a C-multicast route for a particular (C-S, C-G), 417 and the RT carried in the route results in importing the route into a 418 particular VRF on the PE, if the route carries the Standby PE BGP 419 Community, then the PE performs as follows: 421 when the PE determines that C-S is not reachable through some 422 other PE, the PE SHOULD install VRF PIM state corresponding to 423 this Standby BGP C-multicast route (the result will be that a PIM 424 Join message will be sent to the CE towards C-S, and that the PE 425 will receive (C-S,C-G) traffic), and the PE SHOULD forward (C-S, 426 C-G) traffic received by the PE to other PEs through a P-tunnel 427 rooted at the PE. 429 Furthermore, irrespective of whether C-S carried in that route is 430 reachable through some other PE: 432 a) based on local policy, as soon as the PE receives this Standby BGP 433 C-multicast route, the PE MAY install VRF PIM state corresponding 434 to this BGP Source Tree Join route (the result will be that Join 435 messages will be sent to the CE toward C-S, and that the PE will 436 receive (C-S,C-G) traffic) 438 b) based on local policy, as soon as the PE receives this Standby BGP 439 C-multicast route, the PE MAY forward (C-S, C-G) traffic to other 440 PEs through a P-tunnel independently of the reachability of C-S 441 through some other PE. [note that this implies also doing (a)] 443 Doing neither (a), nor (b) for a said (C-S,C-G) is called "cold root 444 standby". 446 Doing (a) but not (b) for a said (C-S,C-G) is called "warm root 447 standby". 449 Doing (b) (which implies also doing (a)) for a said (C-S,C-G) is 450 called "hot root standby". 452 Note that, if an upstream PE uses an S-PMSI only policy, it shall 453 advertise an S-PMSI for an (S,G) as soon as it receives a C-multicast 454 route for (S,G), normal or Standby ; i.e. it shall not wait for 455 receiving a non-Standby C-multicast route before advertising the 456 corresponding S-PMSI. 458 Section 9.3.2 of [RFC6514], describes the procedures of sending a 459 Source-Active A-D result as a result of receiving the C-multicast 460 route. These procedures should be followed for both the normal and 461 Standby C-multicast routes. 463 4.3. Reachability determination 465 The standby PE can use the following information to determine that 466 C-S can or cannot be reached through the primary PE: 468 o presence/absence of a unicast VPN route toward C-S 470 o supposing that the standby PE is an egress of the tunnel rooted at 471 the Primary PE, the standby PE can determine the reachability of 472 C-S through the Primary PE based on the status of this tunnel, 473 determined thanks to the same criteria as the ones described in 474 Section 3.1 (without using the UMH selection procedures of 475 Section 3) 477 o other mechanisms MAY be used 479 4.4. Inter-AS 481 If the non-segmented inter-AS approach is used, the procedures in 482 section 4 can be applied. 484 When multicast VPNs are used in a inter-AS context with the segmented 485 inter-AS approach described in section 8.2 of [RFC6514], the 486 procedures in this section can be applied. 488 A pre-requisite for the procedures described below to be applied for 489 a source of a said MVPN is: 491 o that any PE of this MVPN receives two Inter-AS I-PMSI auto- 492 discovery routes advertized by the AS of the source (or more) 494 o that these Inter-AS I-PMSI autodiscovery routes have distinct 495 Route Distinguishers (as described in item "(2)" of section 9.2 of 496 [RFC6514]). 498 As an example, these conditions will be satisfied when the source is 499 dual homed to an AS that connects to the receiver AS through two ASBR 500 using auto-configured RDs. 502 4.4.1. Inter-AS procedures for downstream PEs, ASBR fast failover 504 The following procedure is applied by downstream PEs of an AS, for a 505 source S in a remote AS. 507 Additionally to choosing an Inter-AS I-PMSI autodiscovery route 508 advertized from the AS of the source to construct a C-multicast 509 route, as described in section 11.1.3 [RFC6514] a downstream PE will 510 choose a second Inter-AS I-PMSI autodiscovery route advertized from 511 the AS of the source and use this route to construct and advertise a 512 Standby C-multicast route (C-multicast route carrying the Standby 513 extended community) as described in Section 4.1. 515 4.4.2. Inter-AS procedures for ASBRs 517 When an upstream ASBR receives a C-multicast route, and at least one 518 of the RTs of the route matches one of the ASBR Import RT, the ASBR 519 locates an Inter-AS I-PMSI A-D route whose RD and Source AS matches 520 the RD and Source AS carried in the C-multicast route. If the match 521 is found, and C-multicast route carries the Standby PE BGP Community, 522 then the ASBR performs as follows: 524 o if the route was received over iBGP ; the route is expected to 525 have a LOCAL_PREF attribute set to zero and it should be re- 526 advertized in eBGP with a MED attribute (MULTI_EXIT_DISC) set to 527 the highest possible value (0xffff) 529 o if the route was received over eBGP ; the route is expected to 530 have a MED attribute set of 0xffff and should be re-advertized in 531 iBGP with a LOCAL_PREF attribute set to zero 533 Other ASBR procedures are applied without modification. 535 5. Hot leaf standby 537 The mechanisms defined in sections Section 4 and Section 3 can be 538 used together as follows. 540 The principle is that, for a said VRF (or possibly only for a said 541 C-S,C-G): 543 o downstream PEs advertise a Standby BGP C-multicast route (based on 544 Section 4) 546 o upstream PEs use the "hot standby" optional behavior and thus will 547 forward traffic for a said multicast state as soon as they have 548 whether a (primary) BGP C-multicast route or a Standby BGP 549 C-multicast route for that state (or both) 551 o downstream PEs accept traffic from the primary or standby tunnel, 552 based on the status of the tunnel (based on Section 3) 554 Other combinations of the mechanisms proposed in Section 4) and 555 Section 3 are for further study. 557 Note that the same level of protection would be achievable with a 558 simple C-multicast Source Tree Join route advertized to both the 559 primary and secondary upstream PEs (carrying as Route Target extended 560 communities, the values of the VRF Route Import attribute of each VPN 561 route from each upstream PEs). The advantage of using the Standby 562 semantic for is that, supposing that downstream PEs always advertise 563 a Standby C-multicast route to the secondary upstream PE, it allows 564 to choose the protection level through a change of configuration on 565 the secondary upstream PE, without requiring any reconfiguration of 566 all the downstream PEs. 568 6. Duplicate packets 570 Multicast VPN specifications [RFC6513] impose that a PE only forwards 571 to CEs the packets coming from the expected usptream PE 572 (Section 9.1). 574 We highlight the reader's attention to the fact that the respect of 575 this part of multicast VPN specifications is especially important 576 when two distinct upstream PEs are susceptible to forward the same 577 traffic on P-tunnels at the same time in steady state. This will be 578 the case when "hot root standby" mode is used (Section 4), and which 579 can also be the case if procedures of Section 3 are used and (a) the 580 rules determining the status of a tree are not the same on two 581 distinct downstream PEs or (b) the rule determining the status of a 582 tree depend on conditions local to a PE (e.g. the PE-P upstream link 583 being up). 585 7. IANA Considerations 587 Allocation is expected from IANA for the BGP "Standby PE" community. 588 (TBC) 590 [Note to RFC Editor: this section may be removed on publication as an 591 RFC.] 593 8. Security Considerations 595 9. Acknowledgements 597 The authors want to thank Greg Reaume and Eric Rosen for their review 598 and useful feedback. 600 10. References 602 10.1. Normative References 604 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 605 Requirement Levels", BCP 14, RFC 2119, March 1997. 607 [RFC4875] Aggarwal, R., Papadimitriou, D., and S. Yasukawa, 608 "Extensions to Resource Reservation Protocol - Traffic 609 Engineering (RSVP-TE) for Point-to-Multipoint TE Label 610 Switched Paths (LSPs)", RFC 4875, May 2007. 612 [RFC6513] Aggarwal, R., Bandi, S., Cai, Y., Morin, T., Rekhter, Y., 613 Rosen, E., Wijnands, I., and S. Yasukawa, "Multicast in 614 MPLS/BGP IP VPNs", RFC 6513, February 2012. 616 [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP 617 Encodings and Procedures for Multicast in MPLS/BGP IP 618 VPNs", RFC 6514, February 2012. 620 10.2. Informative References 622 [I-D.ietf-bfd-multipoint] 623 Katz, D., Ward, D., and S. Pallagatti, "BFD for Multipoint 624 Networks", draft-ietf-bfd-multipoint-04 (work in 625 progress), August 2014. 627 [I-D.ietf-mpls-mcast-cv] 628 Swallow, G., "Connectivity Verification for Multicast 629 Label Switched Paths", draft-ietf-mpls-mcast-cv-00 (work 630 in progress), April 2007. 632 [I-D.jain-mvpn-bfd-fast-upstream-failover] 633 Jain, P., Singh, K., Kotalwar, J., Bhau, N., and C. 634 Hassen, "BGP Extensions for Multicast VPN Fast Upstream 635 Failover", draft-jain-mvpn-bfd-fast-upstream-failover-00 636 (work in progress), April 2012. 638 [I-D.mofrr] 639 Karan, A., Filsfils, C., Farinacci, D., Decraene, B., 640 Leymann, N., and T. Telkamp, "Multicast only Fast Re- 641 Route", draft-ietf-rtgwg-mofrr-04 (work in progress), 642 November 2014. 644 [RFC4090] Pan, P., Swallow, G., and A. Atlas, "Fast Reroute 645 Extensions to RSVP-TE for LSP Tunnels", RFC 4090, May 646 2005. 648 Authors' Addresses 650 Thomas Morin (editor) 651 Orange 652 2, avenue Pierre Marzin 653 Lannion 22307 654 France 656 Email: thomas.morin@orange-ftgroup.com 657 Robert Kebler (editor) 658 Juniper Networks 659 1194 North Mathilda Ave. 660 Sunnyvale, CA 94089 661 U.S.A. 663 Email: rkebler@juniper.net 665 Yakov Rekhter 666 Juniper Networks 667 1194 North Mathilda Ave. 668 Sunnyvale, CA 94089 669 U.S.A. 671 Email: yakov@juniper.net 673 Ray (Lei) Qiu 674 Juniper Networks 675 1194 North Mathilda Ave. 676 Sunnyvale, CA 94089 677 U.S.A. 679 Email: rqiu@juniper.net 681 Rahul Aggarwal 682 Arktan 684 Email: raggarwa_1@yahoo.com 686 Wim Henderickx 687 Alcatel-Lucent 688 Copernicuslaan 50 689 Antwerp 2018 690 Belgium 692 Email: wim.henderickx@alcatel-lucent.com 693 Praveen Muley 694 Alcatel-Lucent 695 701 East Middlefield Rd 696 Mountain View, CA 94043 697 U.S.A. 699 Email: praveen.muley@alcatel-lucent.com