draft-ietf-rtgwg-segment-routing-ti-lfa-00.txt   draft-ietf-rtgwg-segment-routing-ti-lfa-01.txt 
Network Working Group A. Bashandy
Internet Draft Arrcus Network Working Group S. Litkowski
Intended status: Standard Track C. Filsfils Internet-Draft Orange
Expires: June 2019 Cisco Systems Intended status: Standards Track A. Bashandy
Bruno Decraene Expires: September 6, 2019 Individual
Stephane Litkowski C. Filsfils
Cisco Systems
B. Decraene
Orange Orange
Pierre Francois P. Francois
INSA Lyon INSA Lyon
D. Voyer D. Voyer
Bell Canada Bell Canada
Francois Clad F. Clad
Pablo Camarillo P. Camarillo
Cisco Systems Cisco Systems
December 3, 2018 March 5, 2019
Topology Independent Fast Reroute using Segment Routing Topology Independent Fast Reroute using Segment Routing
draft-ietf-rtgwg-segment-routing-ti-lfa-00 draft-ietf-rtgwg-segment-routing-ti-lfa-01
Abstract Abstract
This document presents Topology Independent Loop-free Alternate Fast This document presents Topology Independent Loop-free Alternate Fast
Re-route (TI-LFA), aimed at providing protection of node and Re-route (TI-LFA), aimed at providing protection of node and
adjacency segments within the Segment Routing (SR) framework. This adjacency segments within the Segment Routing (SR) framework. This
Fast Re-route (FRR) behavior builds on proven IP-FRR concepts being Fast Re-route (FRR) behavior builds on proven IP-FRR concepts being
LFAs, remote LFAs (RLFA), and remote LFAs with directed forwarding LFAs, remote LFAs (RLFA), and remote LFAs with directed forwarding
(DLFA). It extends these concepts to provide guaranteed coverage in (DLFA). It extends these concepts to provide guaranteed coverage in
any IGP network. A key aspect of TI-LFA is the FRR path selection any IGP network. A key aspect of TI-LFA is the FRR path selection
approach establishing protection over post-convergence paths from approach establishing protection over the expected post-convergence
the point of local repair, dramatically reducing the operational paths from the point of local repair, dramatically reducing the
need to control the tie-breaks among various FRR options. operational need to control the tie-breaks among various FRR options.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on June 3, 2019. Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 6, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with respect
respect to this document. Code Components extracted from this to this document. Code Components extracted from this document must
document must include Simplified BSD License text as described in include Simplified BSD License text as described in Section 4.e of
Section 4.e of the Trust Legal Provisions and are provided without the Trust Legal Provisions and are provided without warranty as
warranty as described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions used in this document.........................5 1.1. Conventions used in this document . . . . . . . . . . . . 7
2. Terminology....................................................5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Intersecting P-Space and Q-Space with post-convergence paths...6 3. Intersecting P-Space and Q-Space with post-convergence paths 8
3.1. P-Space property computation for a resource X.............6 3.1. P-Space property computation for a resource X . . . . . . 8
3.2. Q-Space property computation for a link S-F, over post- 3.2. Q-Space property computation for a link S-F, over post-
convergence paths..............................................6 convergence paths . . . . . . . . . . . . . . . . . . . . 8
3.3. Q-Space property computation for a set of links adjacent to 3.3. Q-Space property computation for a set of links adjacent
S, over post-convergence paths.................................7 to S, over post-convergence paths . . . . . . . . . . . 9
3.4. Q-Space property computation for a node F, over post- 3.4. Q-Space property computation for a node F, over post-
convergence paths..............................................7 convergence paths . . . . . . . . . . . . . . . . . . . . 9
4. TI-LFA Repair Tunnel...........................................7 3.5. Scaling considerations when computing Q-Space . . . . . . 9
4.1. The repair node is a direct neighbor......................7 4. TI-LFA Repair Tunnel . . . . . . . . . . . . . . . . . . . . 9
4.2. The repair node is a PQ node..............................8 4.1. FRR path using a direct neighbor . . . . . . . . . . . . 10
4.3. The repair is a Q node, neighbor of the last P node.......8 4.2. FRR path using a PQ node . . . . . . . . . . . . . . . . 10
4.4. Connecting distant P and Q nodes along post-convergence 4.3. FRR path using a P node and Q node that are adjacent . . 10
paths..........................................................8 4.4. Connecting distant P and Q nodes along post-convergence
5. Protecting segments............................................8 paths . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. The active segment is a node segment......................8 5. Protecting segments . . . . . . . . . . . . . . . . . . . . . 10
5.2. The active segment is an adjacency segment................9 5.1. The active segment is a node segment . . . . . . . . . . 11
5.2.1. Protecting [Adjacency, Adjacency] segment lists......9 5.2. The active segment is an adjacency segment . . . . . . . 11
5.2.2. Protecting [Adjacency, Node] segment lists...........9 5.2.1. Protecting [Adjacency, Adjacency] segment lists . . . 11
5.3. Protecting SR policy midpoints against node failure......10 5.2.2. Protecting [Adjacency, Node] segment lists . . . . . 12
5.3.1. Protecting {F, T, D} or {S->F, T, D}................10 5.3. Protecting SR policy midpoints against node failure . . . 13
5.3.2. Protecting {F, F->T, D} or {S->F, F->T, D}..........11 5.3.1. Protecting {F, T, D} or {S->F, T, D} . . . . . . . . 13
6. Measurements on Real Networks.................................12 5.3.2. Protecting {F, F->T, D} or {S->F, F->T, D} . . . . . 14
7. Security Considerations.......................................17 6. TI-LFA and SR algorithms . . . . . . . . . . . . . . . . . . 15
8. IANA Considerations...........................................17 7. Usage of Adjacency segments in the repair list . . . . . . . 16
9. Conclusions...................................................17 8. Measurements on Real Networks . . . . . . . . . . . . . . . . 16
10. References...................................................17 9. Security Considerations . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References....................................17 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
10.2. Informative References..................................17 11. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 21
11. Acknowledgments..............................................18 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 22
13.1. Normative References . . . . . . . . . . . . . . . . . . 22
13.2. Informative References . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
Segment Routing aims at supporting services with tight SLA Segment Routing aims at supporting services with tight SLA guarantees
guarantees [1]. By relying on segment routing this document provides [RFC8402]. By relying on SR this document provides a local repair
a local repair mechanism for standard IGP shortest path capable of mechanism for standard IGP shortest path capable of restoring end-to-
restoring end-to-end connectivity in the case of a sudden directly end connectivity in the case of a sudden directly connected failure
connected failure of a network component. Non-SR mechanisms for of a network component. Non-SR mechanisms for local repair are
local repair are beyond the scope of this document. Non-local beyond the scope of this document. Non-local failures are addressed
failures are addressed in a separate document [6]. in a separate document [I-D.bashandy-rtgwg-segment-routing-uloop].
The term topology independent (Ti) refers to the ability to provide The term topology independent (TI) refers to the ability to provide a
a loop free backup path irrespective of the topologies prior the loop free backup path irrespective of the topologies used in the
failure and after the failure. network. This provides a major improvment compared to LFA
([RFC5286]) and remote LFA ([RFC7490]) which cannot be applicable in
some topologies ([RFC6571]).
For each destination in the network, TI-LFA prepares a data-plane For each destination in the network, TI-LFA pre-installs a backup
switch-over to be activated upon detection of the failure of a link forwarding entry for each protected destination ready to be activated
used to reach the destination. TI-LFA provides protection in the upon detection of the failure of a link used to reach the
event of any one of the following: single link failure, single node destination. TI-LFA provides protection in the event of any one of
failure, or single local SRLG failure. In link failure mode, the the following: single link failure, single node failure, or single
destination is protected assuming the failure of the link. In node SRLG failure. In link failure mode, the destination is protected
protection mode, the destination is protected assuming that the assuming the failure of the link. In node protection mode, the
neighbor connected to the primary link has failed. In local SRLG destination is protected assuming that the neighbor connected to the
protecting mode, the destination is protected assuming that a primary link has failed. In SRLG protecting mode, the destination is
configured set of links sharing fate with the primary link has protected assuming that a configured set of links sharing fate with
failed (e.g. a linecard). the primary link has failed (e.g. a linecard or a set of links
sharing a common transmission pipe).
Protection techniques outlined in this document are limited to Protection techniques outlined in this document are limited to
protecting links, nodes, and local SRLGs that are within a routing protecting links, nodes, and SRLGs that are within a routing domain.
domain. Protecting domain exit routers and/or links attached to Protecting domain exit routers and/or links attached to another
another routing domains are beyond the scope of this document routing domains are beyond the scope of this document
Using segment routing, there is no need to establish TLDP sessions Thanks to SR, TI-LFA does not require the establishment of TLDP
with remote nodes in order to take advantage of the applicability of sessions with remote nodes in order to take advantage of the
remote LFAs (RLFA) [4][5] or remote LFAs with directed forwarding applicability of remote LFAs (RLFA) [RFC7490][RFC7916] or remote LFAs
(DLFA)[2]. As a result, preferring LFAs over RLFAs or DLFAs, as well with directed forwarding (DLFA)[RFC5714]. All the Segment
as minimizing the number of RLFA or DLFA repair nodes is not Identifiers (SIDs) are available in the link state database (LSDB) of
required the IGP. As a result, preferring LFAs over RLFAs or DLFAs, as well
as minimizing the number of RLFA or DLFA repair nodes is not required
anymore.
Using SR, there is no need to create state in the network in order Thanks to SR, there is no need to create state in the network in
to enforce an explicit FRR path thereby relieving the nodes from the order to enforce an explicit FRR path. This relieves the nodes
extra state and the operator from having to deploy an extra protocol themselves from having to maintain extra state , and it relieves the
just to enhance FRR coverage. operator from having to deploy an extra protocol or extra protocol
sessions just to enhance the protection coverage.
The FRR behavior suggested in this document tailors the repair paths [RFC7916] raised several operational considerations when using LFA or
over the post-convergence path from the PLR to the protected remote LFA. [RFC7916] Section 3 presents a case where a high
destination, given the enabled protection mode for the interface. bandwidth link between two core routers is protected through a PE
Using the post-convergence path in TI-LFA resolves some of router connected with low bandwidth links. In such a case,
operational issues with LFA selection that are mentioned in Section congestion may happen when the FRR backup path is activated.
3 of [5] (e.g. using PE routers to protect against core failures, or [RFC7916] introduces a local policy framework to let the operator
selecting links with low BW while links with high BW are available), tuning manually the best alternate election based on its own
because these issues presumably have been taken care of by the requirements.
network operator as part of its original network engineering. Hence
traffic that permanently uses the PLR after the failure achieves From a network capacity planning point of view, it is often assumed
maximum benefits. Traffic that does not use the PLR prior to and that if a link L fails on a particular node X, the bandwidth consumed
after the failure remains unaffected. Traffic that temporarily on L will be spread over some of the remaining links of X. The
continues to use the PLR after the failure benefits from the quick remaining links to be used are determined by the IGP routing
switching to the backup path by minimizing traffic loss until remote considering that the link L has failed (we assume that the traffic
node(s) reacts. uses the post-convergence path starting from the node X). In
Figure 1, we consider a network with all metrics equal to 1 except
the metrics on links used by PE1, PE2 and PE3 which are 1000. An
easy network capacity planning method is to consider that if the link
L (X-B) fails, the traffic actually flowing through L will be spread
over the remaining links of X (X-H, X-D, X-A). Considering the IGP
metrics, only X-H and X-D can only be used in reality to carry the
traffic flowing through the link L. As a consequence, the bandwidth
of links X-H and X-D is sized according to this rule. We should
observe that this capacity planning policy works, however it is not
fully accurate.
In Figure 1, considering that the source of traffic is only from PE1
and PE4, when the link L fails, depending on the convergence speed of
the nodes, X may reroute its forwarding entries to the remote PEs
onto X-H or X-D; however in a similar timeframe, PE1 will also
reroute a subset of its traffic (the subset destined to PE2) out of
its nominal path reducing the quantity of traffic received by X. The
capacity planning rule presented previously has the drawback of
oversizing the network, however it allows to prevent any transient
congestion (when for example X reroutes traffic before PE1 does).
H --- I --- J
| | \
PE4 | | PE3
\ | (L) | /
A --- X --- B --- G
/ | | \
PE1 | | PE2
\ | | /
C --- D --- E --- F
Figure 1
Based on this assumption, in order to facilitate the operation of
FRR, and limit the implementation of local FRR policies, it looks
interesting to steer the traffic onto the post-convergence path from
the PLR point of view during the FRR phasis. In our example, when
link L fails, X switches the traffic destined to PE3 and PE2 on the
post-convergence paths. This is perfectly inline with the capacity
planning rule that was presented before and also inline with the fact
X may converge before PE1 (or any other upstream router) and may
spread the X-B traffic onto the post-convergence paths rooted at X.
It should be noted, that some networks may have a different capacity
planning rule, leading to an allocation of less bandwidth on X-H and
X-D links. In such a case, using the post-convergence paths rooted
at X during FRR may introduce some congestion on X-H and X-D links.
However it is important to note, that a transient congestion may
possibly happen, even without FRR activated, for instance when X
converges before the upstream routers. Operators are still free to
use the policy framework defined in [RFC7916] if the usage of the
post-convergence paths rooted at the PLR is not suitable.
Readers should be aware that FRR protection is pre-computing a backup
path to protect against a particular type of failure (link, node,
SRLG). When using the post-convergence path as FRR backup path, the
computed post-convergence path is the one considering the failure we
are protecting against. This means that FRR is using an expected
post-convergence path, and this expected post-convergence path may be
actually different from the post-convergence path used if the failure
that happened is different from the failure FRR was protecting
against. As an example, if the operator has implemented a protection
against a node failure, the expected post-convergence path used
during FRR will be the one considering that the node has failed.
However, even if a single link is failing or a set of links is
failing (instead of the full node), the node-protecting post-
convergence path will be used. The consequence is that the path used
during FRR is not optimal with respect to the failure that has
actually occured.
Another consideration to take into account is: while using the
expected post-convergence path for SR traffic using node segments
only (for instance, PE to PE traffic using shortest path) has some
advantages, these advantages reduce when SR policies
([I-D.ietf-spring-segment-routing-policy]) are involved. A segment-
list used in an SR policy is computed to obey a set of path
constraints defined locally at the head-end or centrally in a
controller. TI-LFA cannot be aware of such path constraints and
there is no reason to expect the TI-LFA backup path protecting one
the segments in that segment list to obey those constraints. When SR
policies are used and the operator wants to have a backup path which
still follows the policy requirements, this backup path should be
computed as part of the SR policy in the ingress node (or central
controller) and the SR policy should not rely on local protection.
Another option could be to use FlexAlgo ([I-D.ietf-lsr-flex-algo]) to
express the set of constraints and use a single node segment
associated with a FlexAlgo to reach the destination. When using a
node segment associated with a FlexAlgo, TI-LFA keeps providing an
optimal backup by applying the appropriate set of constraints. The
relationship between TI-LFA and the SR-algorithm is detailled in
Section 6.
Thanks to SR and the combination of Adjacency segments and Node
segments, the expression of the expected post-convergence path rooted
at the PLR is facilitated and does not create any additional state on
intermediate nodes. The easiest way to express the expected post-
convergence path in a loop-free manner is to encode it as a list of
adjacency segments. However, in an MPLS world, this may create a
long stack of labels to be pushed that some hardware may not be able
to push. One of the challenges of TI-LFA is to encode the expected
post-convergence path by combining adjacency segments and node
segments. Each implementation will be free to have its own path
compression optimization algorithm. This document details the basic
concepts that could be used to build the SR backup path as well as
the associated dataplane procedures.
L ____ L ____
S----F--{____}----D S----F--{____}----D
/\ | / /\ | /
| | | _______ / | | | _______ /
|__}---Q{_______} |__}---Q{_______}
Figure 1 TI-LFA Protection Figure 2: TI-LFA Protection
We use Figure 1 to illustrate the TI-LFA approach. We use Figure 2 to illustrate the TI-LFA approach.
The Point of Local Repair (PLR), S, needs to find a node Q (a repair The Point of Local Repair (PLR), S, needs to find a node Q (a repair
node) that is capable of safely forwarding the traffic to a node) that is capable of safely forwarding the traffic to a
destination D affected by the failure of the protected link L, a set destination D affected by the failure of the protected link L, a set
of adjacent links including L (local SRLG), or the node F itself. of links including L (SRLG), or the node F itself. The PLR also
The PLR also needs to find a way to reach Q without being affected needs to find a way to reach Q without being affected by the
by the convergence state of the nodes over the paths it wants to use convergence state of the nodes over the paths it wants to use to
to reach Q. reach Q: the PLR needs a loop-free path to reach Q.
In Section 2 we define the main notations used in the document. Section 2 defines the main notations used in the document. They are
They are in line with [2]. in line with [RFC5714].
In Section 3, we suggest to compute the P-Space and Q-Space Section 3 suggests to compute the P-Space and Q-Space properties
properties defined in Section 2, for the specific case of nodes defined in Section 2, for the specific case of nodes lying over the
lying over the post-convergence paths towards the protected post-convergence paths towards the protected destinations.
destinations.
Using the properties defined in Section 3, Section 4 describes Using the properties defined in Section 3, Section 4 describes how to
how to compute protection lists that encode a loopfree post- compute protection lists that encode a loop-free post- convergence
convergence path towards the destination. path towards the destination.
Section 5 defines the segment operations to be applied by the PLR Section 5 defines the segment operations to be applied by the PLR to
to ensure consistency with the forwarding state of the repair node. ensure consistency with the forwarding state of the repair node.
By applying the algorithms specified in this document to actual By applying the algorithms specified in this document to actual
service providers and large enterprise networks, we provide real service providers and large enterprise networks, we provide real life
life measurements for the number of SIDs used by repair paths. measurements for the number of SIDs used by repair paths. Section 8
Section 6 summarizes these measurements. summarizes these measurements.
1.1. Conventions used in this document 1.1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in RFC-2119 "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
In this document, these words will appear with that interpretation capitals, as shown here.
only when in ALL CAPS. Lower case uses of these words are not to be
interpreted as carrying RFC-2119 significance.
2. Terminology 2. Terminology
We define the main notations used in this document as the following. We define the main notations used in this document as the following.
We refer to "old" and "new" topologies as the LSDB state before and We refer to "old" and "new" topologies as the LSDB state before and
after the considered failure. after the considered failure.
SPT_old(R) is the Shortest Path Tree rooted at node R in the initial SPT_old(R) is the Shortest Path Tree rooted at node R in the initial
state of the network. state of the network.
SPT_new(R, X) is the Shortest Path Tree rooted at node R in the SPT_new(R, X) is the Shortest Path Tree rooted at node R in the state
state of the network after the resource X has failed. of the network after the resource X has failed.
Dist_old(A,B) is the shortest distance from node A to node B in
SPT_old(A).
Dist_new(A,B, X) is the shortest distance from node A to node B in
SPT_new(A,X).
PLR stands for "Point of Local Repair". It is the router that PLR stands for "Point of Local Repair". It is the router that
applies fast traffic restoration after detecting failure in a applies fast traffic restoration after detecting failure in a
directly attached link, set of links, and/or node. directly attached link, set of links, and/or node.
Similar to [4], we use the concept of P-Space and Q-Space for TI- Similar to [RFC7490], we use the concept of P-Space and Q-Space for
LFA. TI- LFA.
The P-Space P(R,X) of a node R w.r.t. a resource X (e.g. a link S-F, The P-Space P(R,X) of a node R w.r.t. a resource X (e.g. a link S-F,
a node F, or a local SRLG) is the set of nodes that are reachable a node F, or a SRLG) is the set of nodes that are reachable from R
from R without passing through X. It is the set of nodes that are without passing through X. It is the set of nodes that are not
not downstream of X in SPT_old(R). downstream of X in SPT_old(R).
The Extended P-Space P'(R,X) of a node R w.r.t. a resource X is the The Extended P-Space P'(R,X) of a node R w.r.t. a resource X is the
set of nodes that are reachable from R or a neighbor of R, without set of nodes that are reachable from R or a neighbor of R, without
passing through X. passing through X.
The Q-Space Q(D,X) of a destination node D w.r.t. a resource X is The Q-Space Q(D,X) of a destination node D w.r.t. a resource X is the
the set of nodes which do not use X to reach D in the initial state set of nodes which do not use X to reach D in the initial state of
of the network. In other words, it is the set of nodes which have D the network. In other words, it is the set of nodes which have D in
in their P-Space w.r.t. S-F, F, or a set of links adjacent to S). their P-Space w.r.t. S-F, F, or a set of links adjacent to S).
A symmetric network is a network such that the IGP metric of each A symmetric network is a network such that the IGP metric of each
link is the same in both directions of the link. link is the same in both directions of the link.
3. Intersecting P-Space and Q-Space with post-convergence paths 3. Intersecting P-Space and Q-Space with post-convergence paths
In this section, we suggest to determine the P-Space and Q-Space One of the challenges of defining an SR path following the expected
properties of the nodes along the post-convergence paths from the post-convergence path is to reduce the size of the segment list. In
PLR to the protected destination and compute an SR-based explicit order to reduce this segment list, an implementation MAY determine
path from P to Q when they are not adjacent. Such properties will the P-Space/Extended P-Space and Q-Space properties (defined in
be used in Section 4 to compute the TI-LFA repair list. [RFC7490]) of the nodes along the expected post-convergence path from
the PLR to the protected destination and compute an SR-based explicit
path from P to Q when they are not adjacent. Such properties will be
used in Section 4 to compute the TI-LFA repair list.
3.1. P-Space property computation for a resource X 3.1. P-Space property computation for a resource X
A node N is in P(R, X) if it is not downstream of X in SPT_old(R). A node N is in P(R, X) if it is not downstream of X in SPT_old(R). X
X can be a link, a node, or a set of links adjacent to the PLR. A can be a link, a node, or a set of links adjacent to the PLR. A node
node N is in P'(R,X) if it is not downstream of X in SPT_old(N), N is in P'(R,X) if it is not downstream of X in SPT_old(N), for at
for at least one neighbor N of R. least one neighbor N of R.
3.2. Q-Space property computation for a link S-F, over post- 3.2. Q-Space property computation for a link S-F, over post-convergence
convergence paths paths
We want to determine which nodes on the post-convergence path from We want to determine which nodes on the post-convergence path from
the PLR to the destination D are in the Q-Space of destination D the PLR to the destination D are in the Q-Space of destination D
w.r.t. link S-F. w.r.t. link S-F.
This can be found by intersecting the post-convergence path to D, This can be found by intersecting the post-convergence path to D,
assuming the failure of S-F, with Q(D, S-F). assuming the failure of S-F, with Q(D, S-F).
3.3. Q-Space property computation for a set of links adjacent to S, 3.3. Q-Space property computation for a set of links adjacent to S,
over post-convergence paths over post-convergence paths
We want to determine which nodes on the post-convergence path from We want to determine which nodes on the post-convergence path from
the PLR to the destination D are in the Q-Space of destination D the PLR to the destination D are in the Q-Space of destination D
w.r.t. a set of links adjacent to S (S being the PLR). That is, we w.r.t. a set of links adjacent to S (S being the PLR). That is, we
aim to find the set of nodes on the post-convergence path that use aim to find the set of nodes on the post-convergence path that use
none of the members of the protected set of links, to reach D. none of the members of the protected set of links, to reach D.
This can be found by intersecting the post-convergence path to D, This can be found by intersecting the post-convergence path to D,
assuming the failure of the set of links, with the intersection assuming the failure of the set of links, with the intersection among
among Q(D, S->X) for all S->X belonging to the set of links. Q(D, S->X) for all S->X belonging to the set of links.
3.4. Q-Space property computation for a node F, over post-convergence 3.4. Q-Space property computation for a node F, over post-convergence
paths paths
We want to determine which nodes on the post-convergence from the We want to determine which nodes on the post-convergence from the PLR
PLR to the destination D are in the Q-Space of destination D w.r.t. to the destination D are in the Q-Space of destination D w.r.t. node
node F. F.
This can be found by intersecting the post-convergence path to D, This can be found by intersecting the post-convergence path to D,
assuming the failure of F, with Q(D, F). assuming the failure of F, with Q(D, F).
4. TI-LFA Repair Tunnel 3.5. Scaling considerations when computing Q-Space
The TI-LFA repair tunnel consists of an outgoing interface and a [RFC7490] raises scaling concerns about computing a Q-Space per
list of segments (repair list) to insert on the SR header. The destination. Similar concerns may affect TI-LFA computation if an
repair list encodes the explicit post-convergence path to the implementation tries to compute a reverse SPT for every destination
destination, which avoids the protected resource X and, at the same in the network to determine the Q-Space. It will be up to each
time, is guaranteed to be loop free irrespective of the state of implementation to determine the good tradeoff between scaling and
FIBs along the nodes belonging to the explicit path. Thus there is accuracy of the optimization.
no need for any co-ordination or message exchange between the PLR
and any other router in the network. 4. TI-LFA Repair Tunnel
The TI-LFA repair tunnel consists of an outgoing interface and a list
of segments (repair list) to insert on the SR header. The repair
list encodes the explicit post-convergence path to the destination,
which avoids the protected resource X and, at the same time, is
guaranteed to be loop-free irrespective of the state of FIBs along
the nodes belonging to the explicit path. Thus there is no need for
any co-ordination or message exchange between the PLR and any other
router in the network.
The TI-LFA repair tunnel is found by intersecting P(S,X) and Q(D,X) The TI-LFA repair tunnel is found by intersecting P(S,X) and Q(D,X)
with the post-convergence path to D and computing the explicit SR- with the post-convergence path to D and computing the explicit SR-
based path EP(P, Q) from P to Q when these nodes are not adjacent based path EP(P, Q) from P to Q when these nodes are not adjacent
along the post convergence path. The TI-LFA repair list is along the post convergence path. The TI-LFA repair list is expressed
expressed generally as (Node_SID(P), EP(P, Q)). generally as (Node_SID(P), EP(P, Q)).
Most often, the TI-LFA repair list has a simpler form, as described Most often, the TI-LFA repair list has a simpler form, as described
in the following sections. Section 6 provides statistics for the in the following sections. Section 8 provides statistics for the
number of SIDs in the explicit path to protect against various number of SIDs in the explicit path to protect against various
failures. failures.
4.1. The repair node is a direct neighbor 4.1. FRR path using a direct neighbor
When the repair node is a direct neighbor, the outgoing interface is When a direct neighbor is in P(S,X) and Q(D,x) and on the post-
set to that neighbor and the repair segment list is empty. convergence path, the outgoing interface is set to that neighbor and
the repair segment list MUST be empty.
This is comparable to a post-convergence LFA FRR repair. This is comparable to a post-convergence LFA FRR repair.
4.2. The repair node is a PQ node 4.2. FRR path using a PQ node
When the repair node is in P(S,X), the repair list is made of a When a remote node R is in P(S,X) and Q(D,x) and on the post-
single node segment to the repair node. convergence path, the repair list MUST be made of a single node
segment to R and the outgoing interface MUST be set to the outgoing
interface used to reach R.
This is comparable to a post-convergence RLFA repair tunnel. This is comparable to a post-convergence RLFA repair tunnel.
4.3. The repair is a Q node, neighbor of the last P node 4.3. FRR path using a P node and Q node that are adjacent
When the repair node is adjacent to P(S,X), the repair list is made When a node P is in P(S,X) and a node Q is in Q(D,x) and both are on
of two segments: A node segment to the adjacent P node, and an the post-convergence path and both are adjacent to each other, the
adjacency segment from that node to the repair node. repair list MUST be made of two segments: A node segment to P (to be
processed first), followed by an adjacency segment from P to Q.
This is comparable to a post-convergence DLFA repair tunnel. This is comparable to a post-convergence DLFA repair tunnel.
4.4. Connecting distant P and Q nodes along post-convergence paths 4.4. Connecting distant P and Q nodes along post-convergence paths
In some cases, there is no adjacent P and Q node along the post- In some cases, there is no adjacent P and Q node along the post-
convergence path. However, the PLR can perform additional convergence path. However, the PLR can perform additional
computations to compute a list of segments that represent a loopfree computations to compute a list of segments that represent a loop-free
path from P to Q. path from P to Q. How these computations are done is out of scope of
this document.
5. Protecting segments 5. Protecting segments
In this section, we explain how a protecting router S processes the In this section, we explain how a protecting router S processes the
active segment of a packet upon the failure of its primary outgoing active segment of a packet upon the failure of its primary outgoing
interface for the packet, S-F. interface for the packet, S-F.
The behavior depends on the type of active segment to be protected. The behavior depends on the type of active segment to be protected.
5.1. The active segment is a node segment 5.1. The active segment is a node segment
The active segment is kept on the SR header, unchanged (1). The The active segment MUST be kept on the SR header unchanged and the
repair list is inserted at the head of the list. The active segment repair list MUST be inserted at the head of the list. The active
becomes the first segment of the inserted repair list. segment becomes the first segment of the inserted repair list.
Note (1): If SR-MPLS is being used and the SRGB at the repair node This behavior is slightly modified when SR-MPLS is used:
is different from the SRGB at the PLR, then the active segment MUST
be updated to fit the SRGB of the repair node. o If the repair list ends with an adjacency segment terminating on
the tail-end of the active segment, and if the active segment has
been signalled with penultimate hop popping, the active segment
MUST be popped before pushing the repair list.
o If the SRGB at the Q node is different from the SRGB at the PLR,
then the active segment (before the insertion of the repair list)
MUST be updated to fit the SRGB of the Q node.
In Section 5.3, we describe the node protection behavior of PLR S, In Section 5.3, we describe the node protection behavior of PLR S,
for the specific case where the active segment is a prefix segment for the specific case where the active segment is a prefix segment
for the neighbor F itself. for the neighbor F itself.
5.2. The active segment is an adjacency segment 5.2. The active segment is an adjacency segment
We define hereafter the FRR behavior applied by S for any packet We define hereafter the FRR behavior applied by S for any packet
received with an active adjacency segment S-F for which protection received with an active adjacency segment S-F for which protection
was enabled. We distinguish the case where this active segment is was enabled. As protection has been enabled for the segment S-F and
followed by another adjacency segment from the case where it is signalled in the IGP, any SR policy using this segment knows that it
followed by a node segment. may be transiently rerouted out of S-F in case of S-F failure.
5.2.1. Protecting [Adjacency, Adjacency] segment lists We distinguish the case where this active segment is followed by
another adjacency segment from the case where it is followed by a
node segment.
5.2.1. Protecting [Adjacency, Adjacency] segment lists
If the next segment in the list is an Adjacency segment, then the If the next segment in the list is an Adjacency segment, then the
packet has to be conveyed to F. packet has to be conveyed to F.
To do so, S applies a "NEXT" operation on Adj(S-F) and then two To do so, S MUST apply a "NEXT" operation on Adj(S-F) and then two
consecutive "PUSH" operations: first it pushes a node segment for F, consecutive "PUSH" operations: first it pushes a node segment for F,
and then it pushes a protection list allowing to reach F while and then it pushes a repair list allowing to reach F while bypassing
bypassing S-F. For details on the "NEXT" and "PUSH" operations, S-F. For details on the "NEXT" and "PUSH" operations, refer to
refer to [7]. [RFC8402].
Upon failure of S-F, a packet reaching S with a segment list Upon failure of S-F, a packet reaching S with a segment list matching
matching [adj(S-F),adj(M),...] will thus leave S with a segment list [adj(S-F),adj(F-M),...] will thus leave S with a segment list
matching [RT(F),node(F),adj(M)], where RT(F) is the repair tunnel matching [RT(F),node(F),adj(F-M)], where RT(F) is the repair tunnel
for destination F. If MPLS forwarding plane is used, then Note(1) for destination F.
from Section 5.1 applies here. Hence MPLS label representing
Node(F) MUST be calculated according to the exit point of the repair
tunnel "RT(F)"
In Section 5.3.2, we describe the TI-LFA behavior of PLR S when This behavior is slightly modified when SR-MPLS is used:
node protection is applied and the two first segments are Adjacency
o If the repair list ends with an adjacency segment terminating on
F, and if the node segment of F has been signalled with
penultimate hop popping, the implementation MUST pop Adj(S-F) and
then push the repair list (the node segment of F is not pushed).
The packet will leave S with a segment list matching
[RT(F),adj(F-M)].
o If the SRGB at the Q node is different from the SRGB at the PLR,
then MPLS label representing node(F) MUST be calculated as per the
SRGB of the Q node.
In Section 5.3.2, we describe the TI-LFA behavior of PLR S when node
protection is applied and the two first segments are Adjacency
Segments. Segments.
5.2.2. Protecting [Adjacency, Node] segment lists 5.2.2. Protecting [Adjacency, Node] segment lists
If the next segment in the stack is a node segment, say for node T, If the next segment in the stack is a node segment, say for node T,
the segment list on the packet matches [adj(S-F),node(T),...]. the segment list on the packet matches [adj(S-F),node(T),...].
A first solution would consist in steering the packet back to F A first solution would consist in steering the packet back to F while
while avoiding S-F. To do so, S applies a "NEXT" operation on avoiding S-F. To do so, S MUST apply a "NEXT" operation on Adj(S-F)
Adj(S-F) and then two consecutive "PUSH" operations: first it pushes and then two consecutive "PUSH" operations: first it pushes a node
a node segment for F, and then it pushes a repair list allowing to segment for F, and then it pushes a repair list allowing to reach F
reach F while bypassing S-F. while bypassing S-F.
Upon failure of S-F, a packet reaching S with a segment list Upon failure of S-F, a packet reaching S with a segment list matching
matching [adj(S-F),node(T),...] will thus leave S with a segment [adj(S-F),node(T),...] will thus leave S with a segment list matching
list matching [RT(F),node(F),node(T)]. Again if MPLS forwarding [RT(F),node(F),node(T)].
plane is used, then Note(1) from Section 5.1 applies and the label
representing the node(F) MUST be calculated according to the SRGB of This behavior is slightly modified when SR-MPLS is used:
the last node in the repair tunnel RT(F).
o If the repair list ends with an adjacency segment terminating on
F, and if the node segment of F has been signalled with
penultimate hop popping, the implementation MUST pop Adj(S-F) and
then push the repair list (the node segment of F is not pushed).
The packet will leave S with a segment list matching
[RT(F),node(T)].
o If the SRGB at the Q node is different from the SRGB at the PLR,
then MPLS label representing node(F) MUST be calculated as per the
SRGB of the Q node.
Another solution is to not steer the packet back via F but rather Another solution is to not steer the packet back via F but rather
follow the new shortest path to T. In this case, S just needs to follow the new shortest path to T. In this case, S MUST apply a
apply a "NEXT" operation on the Adjacency segment related to S-F, "NEXT" operation on the Adjacency segment related to S-F, followed by
and push a repair list redirecting the traffic to a node Q, whose a "PUSH" of a repair list redirecting the traffic to a node Q, whose
path to node segment T is not affected by the failure. path to node segment T is not affected by the failure.
Upon failure of S-F, packets reaching S with a segment list matching Upon failure of S-F, packets reaching S with a segment list matching
[adj(L), node(T), ...], would leave S with a segment list matching [adj(S-F), node(T), ...], would leave S with a segment list matching
[RT(Q),node(T), ...]. Note that this second behavior is the one [RT(Q),node(T), ...]. Note that this second behavior is the one
followed for node protection, as described in Section 5.3.1. followed for node protection, as described in Section 5.3.1.
Just like the first solution above, if MPLS forwarding plane is This behavior is slightly modified when SR-MPLS is used:
used, then Note(1) from Section 5.1 applies. Hence the label
corresponding to Node(T) MUST be calculated according to the SRGB of
node Q.
5.3. Protecting SR policy midpoints against node failure o If the repair list ends with an adjacency segment terminating on T
(T being the Q node), and if the node segment of T has been
signalled with penultimate hop popping, the implementation MUST
pop Adj(S-F) and then push the repair list (the node segment of T
is not pushed). The packet will leave S with a segment list
matching [RT(Q=T), ...].
o If the SRGB at the Q node is different from the SRGB at the PLR,
then the MPLS label representing node(T) MUST be calculated as per
the SRGB of the Q node.
The first proposal which merges back the traffic at the remote end of
the adjacency segment has the advantage of keeping as much as
possible the traffic on the existing path. As stated in Section 1,
when SR policies are involved and a strict compliance of the policy
is required, an end-to-end protection should be preferred over a
local repair mechanism.
5.3. Protecting SR policy midpoints against node failure
In this section, we describe the behavior of a node S configured to In this section, we describe the behavior of a node S configured to
interpret the failure of link S->F as the node failure of F, in the interpret the failure of link S->F as the node failure of F, in the
specific case where the active segment of the packet received by S specific case where the active segment of the packet received by S is
is a Prefix SID of F represented as "F"), or an Adjacency SID for a Prefix SID of F represented as "F"), or an Adjacency SID for the
the link S-F (represented as "S->F"). link S-F (represented as "S->F").
5.3.1. Protecting {F, T, D} or {S->F, T, D} 5.3.1. Protecting {F, T, D} or {S->F, T, D}
This section describes the protection behavior of S when all of the This section describes the protection behavior of S when all of the
following conditions are true: following conditions are true:
1. the active segment is a prefix SID for a neighbor F, or an 1. the active segment is a prefix SID for a neighbor F, or an
adjacency segment S->F adjacency segment S->F
2. the primary interface used to forward the packet failed
3. the segment following the active segment is a prefix SID (for 2. the primary interface used to forward the packet failed
node T) 3. the segment following the active segment is a prefix SID (for
node T)
4. node protection is active for that interface. 4. node protection is active for that interface.
The TILFA Node FRR behavior becomes equivalent to: In such a case, the PLR MUST:
1. Pop; the segment F or S->F is removed 1. apply a NEXT operation; the segment F or S->F is removed
2. Confirm that the next segment is in the SRGB of F, meaning that 2. Confirm that the next segment is in the SRGB of F, meaning that
the next segment is a prefix segment, e.g. for node T the next segment is a prefix segment, e.g. for node T
3. Identify T (as per the SRGB of F) 3. Retrieve the segment ID of T (as per the SRGB of F)
4. Pop the next segment and push T's segment based on the SRGB of 4. Apply a NEXT operation followed by a PUSH operation of T's
node "S". segment based on the SRGB of node S.
5. forward the packet according to T. 5. Look up T's segment (based on the updated label value) and
forward accordingly.
5.3.2. Protecting {F, F->T, D} or {S->F, F->T, D} 5.3.2. Protecting {F, F->T, D} or {S->F, F->T, D}
This section describes the protection behavior of S when all of the This section describes the protection behavior of S when all of the
following conditions are true: following conditions are true:
1. the active segment is a prefix SID for a neighbor F, or an 1. the active segment is a prefix SID for a neighbor F, or an
adjacency segment S->F adjacency segment S->F
2. the primary interface used to forward the packet failed 2. the primary interface used to forward the packet failed
3. the segment following the active segment is an adjacency SID (F- 3. the segment following the active segment is an adjacency SID (F-
>T) >T)
4. node protection is active for that interface. 4. node protection is active for that interface.
The TILFA Node FRR behavior becomes equivalent to: In such a case, the PLR MUST:
1. Pop; the segment F or S->F is removed 1. Apply a NEXT operation; the segment F or S->F is removed
2. Confirm that the next segment is an adjacency SID of F, say F->T 2. Confirm that the next segment is an adjacency SID of F, say F->T
3. Identify T (as per the set of Adjacency Segments of F) 3. Retrieve the node segment ID associated to T (as per the set of
Adjacency Segments of F)
4. Pop the next segment and push T's segment based on the SRGB of 4. Apply a NEXT operation on the next segment followed by a PUSH of
the node "S" T's segment based on the SRGB of the node S.
5. forward the packet according to T. 5. Look up T's segment (based on the updated label value) and
forward accordingly.
It is noteworthy to mention that node "S" in the procedures It is noteworthy to mention that node "S" in the procedures described
described in Sections 5.3.1 and 5.3.2 can always determine whether in Sections 5.3.1 and 5.3.2 can always determine whether the segment
the segment after popping the top segment is an adjacency SID or a after popping the top segment is an adjacency SID or a prefix-SID of
prefix-SID of the next-hop "F" as follows: the next-hop "F" as follows:
1. In a link state environment, the node "S" knows the SRGB and the 1. In a link state environment, the node "S" knows the SRGB and the
adj-SIDs of the neighboring node "F" adj-SIDs of the neighboring node "F"
2. If the new segment after popping the top segment is within the 2. If the new segment after popping the top segment is within the
SRGB or the adj-SIDs of "F", then node "S" is certain that the SRGB or the adj-SIDs of "F", then node "S" is certain that the
failure of node "F" is a midpoint failure and hence node "S" failure of node "F" is a midpoint failure and hence node "S"
applies the procedures specified in Sections 5.3.1 or 5.3.2, applies the procedures specified in Sections 5.3.1 or 5.3.2,
respectively. respectively.
3. Otherwise the failure is not a midpoint failure and hence the 3. Otherwise the failure is not a midpoint failure and hence the
node "S" may apply other protection techniques that are beyond node "S" may apply other protection techniques that are beyond
the scope of this document or simply drop the packet and wait for the scope of this document or simply drop the packet and wait for
normal protocol conversion. normal protocol convergence.
6. Measurements on Real Networks 6. TI-LFA and SR algorithms
This section presents measurements performed on real service SR allows an operator to bind an algorithm to a prefix SID (as
provider and large enterprise networks. The objective of the defined in [RFC8402]. The algorithm value dictates how the path to
measurements is to assess the number of SIDs required in an explicit the prefix is computed. The SR default algorithm is known has the
path when the mechanism described in this document are used to "Shortest Path" algorithm. The SR default algorithm allows an
protect against the failure scenarios within the scope of this operator to override the IGP shortest path by using local policies.
document. The number of segments described in this section are When TI-LFA uses Node-SIDs associated with the default algorithm,
applicable to instantiating segment routing over the MPLS forwarding there is no guarantee that the path will be loop-free as a local
plane. policy may have overriden the expected IGP path. As the local
policies are defined by the operator, it becomes the responsibility
of this operator to ensure that the deployed policies do not affect
the TI-LFA deployment. It should be noted that such situation can
already happen today with existing mechanisms as remote LFA.
When a Node-SID is associated with the SR default algorithm,
enforcing TI-LFA to use Node-SIDs associated with a strict SPF
algorithm is a definitive solution to this problem.
[I-D.ietf-lsr-flex-algo] defines a flexible algorithm (FlexAlgo)
framework to be associated with Prefix SIDs. FlexAlgo allows a user
to associate a constrained path to a Prefix SID rather than using the
regular IGP shortest path. An implementation MAY support TI-LFA to
protect Node-SIDs associated to a FlexAlgo. In such a case, rather
than computing the expected post-convergence path based on the
regular SPF, an implementation SHOULD use the constrained SPF
algorithm bound to the FlexAlgo instead of the regular Dijkstra in
all the SPF/rSPF computations that are occurring during the TI-LFA
computation. This includes the computation of the P-Space and
Q-Space as well as the post-convergence path.
7. Usage of Adjacency segments in the repair list
The repair list of segments computed by TI-LFA may contain one or
more adjacency segments. An adjacency segment may be protected or
not protected.
S --- R2 --- R3 --- R4 --- R5 --- D
\ | \ /
R7 -- R8
| |
R9 -- R10
Figure 3
In Figure 3, all the metrics are equal to 1 except
R2-R7,R7-R8,R8-R4,R7-R9 which have a metric of 1000. Considering R2
as a PLR to protect against the failure of node R3 for the traffic
S->D, the repair list computed by R2 will be [adj(R7-R8),adj(R8-R4)]
and the outgoing interface will be to R7. If R3 fails, R2 pushes the
repair list onto the incoming packet to D. During the FRR, if R7-R8
fails and if TI-LFA has picked a protected adjacency segment for
adj(R7-R8), R7 will push an additional repair list onto the packet
following the procedures defined in Section 5.
To avoid the possibility of this double FRR, an implementation of TI-
LFA MAY pick only non protected adjacency segments when building the
repair list.
8. Measurements on Real Networks
This section presents measurements performed on real service provider
and large enterprise networks. The objective of the measurements is
to assess the number of SIDs required in an explicit path when the
mechanism described in this document are used to protect against the
failure scenarios within the scope of this document. The number of
segments described in this section are applicable to instantiating
segment routing over the MPLS forwarding plane.
The measurements below indicate that for link and local SRLG The measurements below indicate that for link and local SRLG
protection, a 1 SID repair path delivers more than 99% coverage. For protection, a 1 SID repair path delivers more than 99% coverage. For
node protection a 2 SIDs repair path yields 99% coverage. node protection a 2 SIDs repair path yields 99% coverage.
Table 1 below lists the characteristics of the networks used in our Table 1 below lists the characteristics of the networks used in our
measurements. The measurements are carried out as follows measurements. The measurements are carried out as follows
o For each network, the algorithms described in this document are o For each network, the algorithms described in this document are
applied to protect all prefixes against link, node, and local applied to protect all prefixes against link, node, and local SRLG
SRLG failure failure
o For each prefix, the number of SIDs used by the repair path is o For each prefix, the number of SIDs used by the repair path is
recored recored
o The percentage of number of SIDs are listed in Tables 2A/B, 3A/B, o The percentage of number of SIDs are listed in Tables 2A/B, 3A/B,
and 4A/B and 4A/B
The measurements listed in the tables indicate that for link and The measurements listed in the tables indicate that for link and
local SRLG protection, 1 SID repair paths are sufficient to protect local SRLG protection, 1 SID repair paths are sufficient to protect
more than 99% of the prefix in almost all cases. For node protection more than 99% of the prefix in almost all cases. For node protection
2 SIDs repair paths yield 99% coverage. 2 SIDs repair paths yield 99% coverage.
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| Network | Nodes | Circuits |Node-to-Link| SRLG info? | | Network | Nodes | Circuits |Node-to-Link| SRLG info? |
| | | | Ratio | | | | | | Ratio | |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T1 | 408 | 665 | 1 : 63 | Yes | | T1 | 408 | 665 | 1 : 63 | Yes |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T2 | 587 | 1083 | 1 : 84 | No | | T2 | 587 | 1083 | 1 : 84 | No |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
skipping to change at page 13, line 29 skipping to change at page 17, line 47
| T6 | 50 | 78 | 1 : 56 | No | | T6 | 50 | 78 | 1 : 56 | No |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T7 | 82 | 293 | 3 : 57 | No | | T7 | 82 | 293 | 3 : 57 | No |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T8 | 35 | 41 | 1 : 17 | Yes | | T8 | 35 | 41 | 1 : 17 | Yes |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T9 | 177 | 1371 | 7 : 74 | Yes | | T9 | 177 | 1371 | 7 : 74 | Yes |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
Table 1: Data Set Definition Table 1: Data Set Definition
The rest of this section presents the measurements done on the The rest of this section presents the measurements done on the actual
actual topologies. The convention that we use is as follows topologies. The convention that we use is as follows
o 0 SIDs: the calculated repair path starts with a directly o 0 SIDs: the calculated repair path starts with a directly
connected neighbor that is also a loop free alternate, in which connected neighbor that is also a loop free alternate, in which
case there is no need to explicitly route the traffic using case there is no need to explicitly route the traffic using
additional SIDs. This scenario is described in Section 4.1. additional SIDs. This scenario is described in Section 4.1.
o 1 SIDs: the repair node is a PQ node, in which case only 1 SID is o 1 SIDs: the repair node is a PQ node, in which case only 1 SID is
needed to guarantee loop-freeness. This scenario is covered in needed to guarantee loop-freeness. This scenario is covered in
Section 4.2. Section 4.2.
o 2 or more SIDs: The repair path consists of 2 or more SIDs as o 2 or more SIDs: The repair path consists of 2 or more SIDs as
described in Sections 4.3 and 4.4. We do not cover the case for described in Sections 4.3 and 4.4. We do not cover the case for 2
2 SIDs (Section 4.3) separately because there was no SIDs (Section 4.3) separately because there was no granularity in
granularity in the result. Also we treat the node-SID+adj-SID and the result. Also we treat the node-SID+adj-SID and node-SID +
node-SID + node-SID the same because they do not differ from the node-SID the same because they do not differ from the data plane
data plane point of view. point of view.
Table 2A and 2B below summarize the measurements on the number of Table 2A and 2B below summarize the measurements on the number of
SIDs needed for link protection SIDs needed for link protection
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| Network | 0 SIDs | 1 SID | 2 SIDs | 3 SIDs | | Network | 0 SIDs | 1 SID | 2 SIDs | 3 SIDs |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T1 | 74.227% | 25.256% | 0.517% | 0.001% | | T1 | 74.227% | 25.256% | 0.517% | 0.001% |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T2 | 81.097% | 18.738% | 0.165% | 0.0% | | T2 | 81.097% | 18.738% | 0.165% | 0.0% |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T3 | 95.878% | 4.067% | 0.056% | 0.0% | | T3 | 95.878% | 4.067% | 0.056% | 0.0% |
+-------------+------------+------------+------------+------------+ +-------------+------------+------------+------------+------------+
| T4 | 62.547% | 35.666% | 1.788% | 0.0% | | T4 | 62.547% | 35.666% | 1.788% | 0.0% |
skipping to change at page 17, line 5 skipping to change at page 21, line 19
| T6 | 78.362% | 99.682% | 100.0% |100.0% | 100% | | T6 | 78.362% | 99.682% | 100.0% |100.0% | 100% |
+---------+----------+----------+----------+----------+----------+ +---------+----------+----------+----------+----------+----------+
| T7 | 66.106% | 98,918% | 100.0% |100.0% | 100% | | T7 | 66.106% | 98,918% | 100.0% |100.0% | 100% |
+---------+----------+----------+----------+----------+----------+ +---------+----------+----------+----------+----------+----------+
| T8 | 59.712% | 100.0% | 100.0% |100.0% | 100% | | T8 | 59.712% | 100.0% | 100.0% |100.0% | 100% |
+---------+----------+----------+----------+----------+----------+ +---------+----------+----------+----------+----------+----------+
| T9 | 98.950% | 100.0% | 100.0% |100.0% | 100% | | T9 | 98.950% | 100.0% | 100.0% |100.0% | 100% |
+---------+----------+----------+----------+----------+----------+ +---------+----------+----------+----------+----------+----------+
Table 4B: Node protection (repair size cumulative distribution) Table 4B: Node protection (repair size cumulative distribution)
7. Security Considerations 9. Security Considerations
The techniques described in this document is internal The techniques described in this document are internal
functionality to a router that result in the ability to guarantee functionalities to a router that result in the ability to guarantee
an upper bound on the time taken to restore traffic flow upon the an upper bound on the time taken to restore traffic flow upon the
failure of a directly connected link or node. As these techniques failure of a directly connected link or node. As these techniques
steer traffic to the post-convergence path as quickly as possible, steer traffic to the post-convergence path as quickly as possible,
this serves to minimize the disruption associated with a local this serves to minimize the disruption associated with a local
failure which can be seen as a modest security enhancement. The failure which can be seen as a modest security enhancement. The
protection mechanisms does not protect external destinations, but protection mechanisms does not protect external destinations, but
rather provides quick restoration for destination that are rather provides quick restoration for destination that are internal
internal to a routing domain. to a routing domain.
8. IANA Considerations 10. IANA Considerations
No requirements for IANA No requirements for IANA
9. Conclusions 11. Conclusions
This document proposes a mechanism that is able to pre-calculate a This document proposes a mechanism that is able to pre-calculate a
backup path for every primary path so as to be able to protect backup path for every primary path so as to be able to protect
against the failure of a directly connected link, node, or SRLG. against the failure of a directly connected link, node, or SRLG. The
The mechanism is able to calculate the backup path irrespective of mechanism is able to calculate the backup path irrespective of the
the topology as long as the topology is sufficiently redundant. topology as long as the topology is sufficiently redundant.
10. References 12. Acknowledgments
10.1. Normative References We would like to thank Les Ginsberg, Stewart Bryant, Alexander
Vainsthein, Chris Bowers for their valuable comments.
10.2. Informative References 13. References
[1] Filsfils, C., Previdi, S., Decraene, B., Litkowski, S., and R. 13.1. Normative References
Shakir, "Segment Routing Architecture", draft-ietf-spring-
segment-routing-08 (work in progress), May 2016.
[2] Shand, M. and S. Bryant, "IP Fast Reroute Framework", RFC [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
5714, January 2010. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[3] Filsfils, C., Francois, P., Shand, M., Decraene, B., Uttaro, [RFC7916] Litkowski, S., Ed., Decraene, B., Filsfils, C., Raza, K.,
J., Leymann, N., and M. Horneffer, "Loop-Free Alternate (LFA) Horneffer, M., and P. Sarkar, "Operational Management of
Applicability in Service Provider (SP) Networks", RFC 6571, Loop-Free Alternates", RFC 7916, DOI 10.17487/RFC7916,
June 2012. July 2016, <https://www.rfc-editor.org/info/rfc7916>.
[4] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
"Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
7490, DOI 10.17487/RFC7490, April 2015, <http://www.rfc- May 2017, <https://www.rfc-editor.org/info/rfc8174>.
editor.org/info/rfc7490>.
[5] Litkowski, S., Ed., Decraene, B., Filsfils, C., Raza, K., [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Horneffer, M., and P. Sarkar, "Operational Management of Loop- Decraene, B., Litkowski, S., and R. Shakir, "Segment
Free Alternates", RFC 7916, DOI 10.17487/RFC7916, July 2016, Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
<https://www.rfc-editor.org/info/rfc7916>. July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[6] Bashandy, A., Filsfils, C., and Litkowski, S., " Loop 13.2. Informative References
avoidance using Segment Routing", draft-bashandy-rtgwg-
segment-routing-uloop-00, (work in progress), May 2017
[7] Filsfils, C., Previdi, S., Decraene, B., Litkowski, S., and [I-D.bashandy-rtgwg-segment-routing-uloop]
Shakir, R, "Segment Routing Architecture", draft-ietf-spring- Bashandy, A., Filsfils, C., Litkowski, S., and P.
segment-routing-11 (work in progress), February 2017 Francois, "Loop avoidance using Segment Routing", draft-
bashandy-rtgwg-segment-routing-uloop-04 (work in
progress), September 2018.
11. Acknowledgments [I-D.ietf-lsr-flex-algo]
Psenak, P., Hegde, S., Filsfils, C., Talaulikar, K., and
A. Gulko, "IGP Flexible Algorithm", draft-ietf-lsr-flex-
algo-01 (work in progress), November 2018.
We would like to give Les Ginsberg special thanks for the valuable [I-D.ietf-spring-segment-routing-policy]
comments and contribution Filsfils, C., Sivabalan, S., daniel.voyer@bell.ca, d.,
bogdanov@google.com, b., and P. Mattes, "Segment Routing
Policy Architecture", draft-ietf-spring-segment-routing-
policy-02 (work in progress), October 2018.
This document was prepared using 2-Word-v2.0.template.dot. [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for
IP Fast Reroute: Loop-Free Alternates", RFC 5286,
DOI 10.17487/RFC5286, September 2008,
<https://www.rfc-editor.org/info/rfc5286>.
[RFC5714] Shand, M. and S. Bryant, "IP Fast Reroute Framework",
RFC 5714, DOI 10.17487/RFC5714, January 2010,
<https://www.rfc-editor.org/info/rfc5714>.
[RFC6571] Filsfils, C., Ed., Francois, P., Ed., Shand, M., Decraene,
B., Uttaro, J., Leymann, N., and M. Horneffer, "Loop-Free
Alternate (LFA) Applicability in Service Provider (SP)
Networks", RFC 6571, DOI 10.17487/RFC6571, June 2012,
<https://www.rfc-editor.org/info/rfc6571>.
[RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N.
So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)",
RFC 7490, DOI 10.17487/RFC7490, April 2015,
<https://www.rfc-editor.org/info/rfc7490>.
Authors' Addresses Authors' Addresses
Pierre Francois Stephane Litkowski
INSA Lyon Orange
Email: pierre.francois@insa-lyon.fr France
Email: stephane.litkowski@orange.com
Ahmed Bashandy Ahmed Bashandy
Arrcus Individual
Email: abashandy.ietf@gmail.com Email: abashandy.ietf@gmail.com
Clarence Filsfils Clarence Filsfils
Cisco Systems Cisco Systems
Brussels, Belgium Brussels
Belgium
Email: cfilsfil@cisco.com Email: cfilsfil@cisco.com
Bruno Decraene Bruno Decraene
Orange Orange
Issy-les-Moulineaux Issy-les-Moulineaux
FR France
Email: bruno.decraene@orange.com Email: bruno.decraene@orange.com
Pierre Francois
INSA Lyon
Stephane Litkowski Email: pierre.francois@insa-lyon.fr
Orange
FR
Email: stephane.litkowski@orange.com
Daniel Voyer Daniel Voyer
Bell Canada Bell Canada
Canada Canada
Email: daniel.voyer@bell.ca
Pablo Camarillo Email: daniel.voyer@bell.ca
Cisco Systems
Email: pcamaril@cisco.com
Francois Clad Francois Clad
Cisco Systems Cisco Systems
Email: fclad@cisco.com Email: fclad@cisco.com
Pablo Camarillo
Cisco Systems
Email: pcamaril@cisco.com
 End of changes. 145 change blocks. 
403 lines changed or deleted 643 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/