Internet-Draft | BIER-TE Ingress Protection | May 2023 |
Chen, et al. | Expires 21 November 2023 | [Page] |
This document describes extensions to Path Computation Element (PCE) communication Protocol (PCEP) for protecting the ingress of a BIER-TE path.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 21 November 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The fast protection of a transit node of a "Bit Index Explicit Replication" (BIER) Traffic Engineering (BIER-TE) path or tunnel is described in [I-D.chen-bier-te-frr]. [RFC8424] presents extensions to RSVP-TE for the fast protection of the ingress node of a traffic engineering (TE) Label Switching Path (LSP). However, these documents do not discuss any protocol extensions for the fast protection of the ingress node of a BIER-TE path or tunnel.¶
This document fills that gap and specifies protocol extensions to Path Computation Element (PCE) communication Protocol (PCEP) for the fast protection of the ingress node of a BIER-TE path or tunnel. Ingress node and ingress, fast protection and protection as well as BIER-TE path and BIER-TE tunnel will be used exchangeably in the following sections.¶
The following terminologies are used in this document.¶
Figure 1 shows an example of protecting ingress PE1 of a BIER-TE path, which is from ingress PE1 to egress nodes PE3 and PE4. This primary BIER-TE path is represented by *** in the figure. The ingress of the primary BIER-TE path is called primary ingress.¶
The backup BIER-TE path is from ingress PE2 to egress nodes PE3 and PE4, which is represented by ### in the figure. The ingress of the backup BIER-TE path is called backup ingress.¶
In normal operations, CE1 sends the packets with a multicast group and source to ingress PE1, which imports/encapsulates the packets into the BIER-TE path through adding a BIER-TE header. The header contains the BIER-TE path from ingress PE1 to egress nodes PE3 and PE4.¶
When CE1 detects the failure of ingress PE1 using a failure detection mechanism such as BFD, it switches the traffic to backup ingress PE2, which imports the traffic from CE1 into the backup BIER-TE path. When the traffic is imported into the backup path, it is sent to the egress nodes PE3 and PE4 along the path.¶
Given the traffic source (e.g., CE1), ingress (e.g., PE1) and egresses (e.g., PE3 and PE4) of the primary BIER-TE path, the PCE computes a backup ingress (e.g., PE2), a backup BIER-TE path from the backup ingress to the egresses, and sends the backup BIER-TE path to the PCC of the backup ingress. It also sends the backup ingress, primary ingress and the traffic description to the PCC of the traffic source (e.g., CE1).¶
When the PCC of the traffic source receives the backup ingress, primary ingress and traffic description, it sets up the fast detection of the primary ingress failure and the switch over target backup ingress. This setup lets the traffic source node switch the traffic (to be sent to the primary ingress) to the backup ingress when it detects the failure of the primary ingress.¶
When the PCC of the backup ingress receives the backup BIER-TE path, it adds a forwarding entry into its BIFT. This entry encapsulates the packets from the traffic source in the backup BIER-TE path. This makes the backup ingress send the traffic received from the traffic source to the egress nodes via the backup BIER-TE path.¶
This section describes the behavior of some nodes connected to the ingress before and after the ingress fails. These nodes are the traffic source (e.g., CE1) and the backup ingress (e.g., PE2). It presents three ways in which these nodes work together to protect the ingress. The first way is called source detect, where the traffic source is responsible for fast detecting the failure of the ingress. The second way is called backup ingress detect, in which the backup ingress is responsible for fast detecting the failure of the ingress. The third way is called both detect, where both the traffic source and the backup ingress are responsible for fast detecting the failure of the ingress.¶
In normal operations, i.e., before the failure of the ingress, the traffic source sends the traffic to the ingress of the primary BIER-TE path. The backup ingress (e.g., PE2) is ready to import the traffic from the traffic source into the backup BIER-TE path installed.¶
When the traffic source detects the failure of the ingress, it switches the traffic to the backup ingress, which delivers the traffic to the egress nodes of the BIER-TE path via the backup BIER-TE path.¶
The traffic source (e.g., CE1) always sends the traffic to both the ingress (e.g., PE1) of the primary BIER-TE path and the backup ingress (e.g., PE2).¶
The backup ingress does not import any traffic from the traffic source into the backup BIER-TE path in normal operations. When it detects the failure of the ingress of the primary BIER-TE path, it imports the traffic from the source into the backup BIER-TE path.¶
For the backup ingress to fast detect the failure of the primary ingress, it SHOULD directly connect to the primary ingress. When a PCE computes a backup ingress and a backup BIER-TE path, it SHOULD consider this.¶
In normal operations, i.e., before the failure of the ingress, the traffic source sends the traffic to the ingress of the primary BIER-TE path. When it detects the failure of the ingress, it switches the traffic to the backup ingress.¶
The backup ingress does not import any traffic from the traffic source into the backup BIER-TE path in normal operations. When it detects the failure of the ingress of the primary BIER-TE path, it imports the traffic from the source into the backup BIER-TE path.¶
A PCC runs on each of the edge nodes such as PEs and CEs of a network normally. A PCE runs on a server as a controller to communicate with PCCs. The PCE and the PCCs running on backup ingress PEs and traffic source CEs work together to support protection for the ingress of a BIER-TE path.¶
When a PCE and a PCC running on a backup ingress establish a PCEP session between them, they exchange their capabilities of supporting protection for the ingress node of a BIER-TE path/tunnel.¶
A new sub-TLV called BIER-TE_INGRESS_PROTECTION_CAPABILITY is defined. It is included in the PATH_SETUP_TYPE_CAPABILITY TLV with PST = TBD1 (suggested value 2 for protecting the ingress of a BIER-TE path/tunnel) in the OPEN object, which is exchanged in Open messages when a PCC and a PCE establish a PCEP session between them. Its format is illustrated below.¶
2 octets. Two flag bits are defined.¶
A PCC, which supports ingress protection for a BIER-TE tunnel/path, sends a PCE an Open message containing BIER-TE_INGRESS_PROTECTION_CAPABILITY sub-TLV. This sub-TLV indicates that the PCC is capable of supporting the ingress protection for a BIER-TE tunnel/path.¶
A PCE, which supports ingress protection for a BIER-TE tunnel/path, sends a PCC an Open message containing BIER-TE_INGRESS_PROTECTION_CAPABILITY sub-TLV. This sub-TLV indicates that the PCE is capable of supporting the ingress protection for a BIER-TE tunnel/path.¶
If both a PCC and a PCE support BIER-TE_INGRESS_PROTECTION_CAPABILITY, each of the Open messages sent by the PCC and PCE contains PATH-SETUP-TYPE-CAPABILITY TLV with a PST list containing PST=TBD1 and a BIER-TE-INGRESS_PROTECTION_CAPABILITY sub-TLV.¶
If a PCE receives an Open message without a BIER-TE_INGRESS_PROTECTION_CAPABILITY sub-TLV from a PCC, then the PCE MUST not send the PCC any request for ingress protection of a BIER-TE path/tunnel.¶
If a PCC receives an Open message without a BIER-TE_INGRESS_PROTECTION_CAPABILITY sub-TLV from a PCE, then the PCC MUST ignore any request for ingress protection of a BIER-TE path/tunnel from the PCE.¶
If a PCC sets D flag to zero, then the PCE SHOULD send the PCC an Open message with A flag set to one and the fast detection of the failure of the primary ingress MUST be done by the traffic source. When the PCE sends the PCC a message for initiating a backup BIER-TE path, the PCC MUST let the forwarding entry for the backup BIER-TE path be Active.¶
When a PCE and a PCC running on a traffic source node establish a PCEP session between them, they exchange their capabilities of supporting protection for the ingress node of a BIER-TE path/tunnel.¶
The PCECC-CAPABILITY sub-TLV defined in [I-D.ietf-pce-pcep-extension-for-pce-controller] is included in the OPEN object in the PATH-SETUP-TYPE-CAPABILITY TLV, which is exchanged in Open messages when a PCC and a PCE establish a PCEP session between them.¶
A new flag bit P is defined in the Flags field of the PCECC-CAPABILITY sub-TLV:¶
This section specifies the extensions to PCEP for the backup ingress and the traffic source. The extensions let the traffic source¶
The extensions let the backup ingress¶
The following lists the combinations of Si and Bi (i = 1,2) for different ways of failure detects.¶
For the packets from the traffic source, if the primary ingress (i.e., the ingress of the primary BIER-TE path) encapsulates the packets with a service ID or label into the BIER-TE path, the backup ingress MUST have this service ID or label and encapsulates the packets with the service ID or label into the backup BIER-TE path when the primary ingress fails.¶
If the backup ingress is requested to detect the failure of the primary ingress, it MUST have the information about the primary ingress such as the address of the primary ingress.¶
A new TLV called BIER-TE_INGRESS_PROTECTION TLV is defined to transfer the information about the primary ingress and/or the service ID or label. When a PCE sends the PCC of a backup ingress a PCInitiate message for initiating a backup BIER-TE path/tunnel to protect the primary ingress of a primary BIER-TE path/tunnel, the message contains this TLV in the RP/SRP object. Its format is illustrated below.¶
2 octets. One flag bit is defined.¶
A flag bit: it is set to 1 or 0 by PCE.¶
Two optional sub-TLVs are defined. One is Service sub-TLV. The other is Primary-Ingress sub-TLV. The Multicast Flow Specification TLV for IPv4 or IPv6, which is defined in [I-D.ietf-pce-pcep-flowspec], is used as a sub-TLV to indicate the traffic to be imported into the backup BIER-TE path.¶
A Service sub-TLV contains a service label such as VPN service label or ID to be added into a packet to be carried by a BIER-TE path/tunnel. It has two formats: one for the service identified by a label and the other for the service identified by a service identifier (ID) of 32 or 128 bits, which are illustrated below.¶
A Primary-Ingress sub-TLV indicates the IP address of the primary ingress node of a primary BIER-TE path/tunnel. It has two formats: one for primary ingress node IPv4 address and the other for primary ingress node IPv6 address, which are illustrated below.¶
If the traffic source is requested to detect the failure of the primary ingress and switch the traffic (to be sent to the primary ingress) to the backup ingress when the primary ingress fails, it MUST have the information about the backup ingress, the primary ingress and the traffic. This information may be transferred via a CCI object for BIER-TE-INGRESS-PROTECTION to the PCC of the traffic source node from a PCE.¶
If the traffic source PCC does not accept the request from the PCE or support the extensions, the PCE SHOULD have the information about the behavior of the traffic source configured such as whether it detects the failure of the primary ingress. Based on the information, the PCE instructs the backup ingress accordingly.¶
The Central Control Instructions (CCI) Object is defined in [I-D.ietf-pce-pcep-extension-for-pce-controller] for a PCE as a controller to send instructions for LSPs to a PCC. This document defines a new object-type (TBDt) for BIER-TE ingress protection based on the CCI object. The body of the object with the new object-type is illustrated below. The object may be in PCRpt, PCUpd, or PCInitiate message.¶
Two flag bits D and B are defined as follows:¶
The primary ingress sub-TLV defined above is used as a TLV to contain the information about the primary ingress in the object. The Multicast Flow Specification TLV for IPv4 or IPv6, which is defined in [I-D.ietf-pce-pcep-flowspec], is used to contain the information about the traffic in the object. A new TLV, called backup ingress TLV, is defined to contain the information about the backup ingress in the object.¶
A Backup-Ingress TLV indicates the IP address of the ingress node of a backup BIER-TE path/tunnel. It has two formats: one for backup ingress node IPv4 address and the other for backup ingress node IPv6 address, which are illustrated below. They have the same format as the Primary-Ingress sub-TLVs.¶
TBD¶