idnits 2.17.00 (12 Aug 2021) /tmp/idnits57736/draft-ietf-mpls-mldp-node-protection-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC6388]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 15, 2015) is 2440 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC5420' is mentioned on line 103, but not defined == Missing Reference: 'RFC5286' is mentioned on line 104, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. 'AFI' Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group IJ. Wijnands, Ed. 3 Internet-Draft K. Raza 4 Intended status: Standards Track Cisco Systems, Inc. 5 Expires: March 18, 2016 A. Atlas 6 Juniper Networks, Inc. 7 J. Tantsura 8 Ericsson 9 Q. Zhao 10 Huawei Technology 11 September 15, 2015 13 mLDP Node Protection 14 draft-ietf-mpls-mldp-node-protection-06 16 Abstract 18 This document describes procedures to support node protection for 19 Point-to-Multipoint and Multipoint-to-Multipoint Label Switched Paths 20 (MP LSPs) that have been built by the "Multipoint Label Distribution 21 Protocol"(mLDP) [RFC6388]. In order to protect a node N, the Point 22 of Local Repair (PLR) Label Switched Router (LSR) of N must learn the 23 Merge Point (MPT) LSR(s) of node N such that traffic can be 24 redirected to them in case node N fails. Redirecting the traffic 25 around the failed node N depends on existing P2P LSPs. The pre- 26 established LSPs originate from the PLR LSR and terminate on the MPT 27 LSRs while bypassing LSR N. 29 Status of this Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at http://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on March 18, 2016. 46 Copyright Notice 48 Copyright (c) 2015 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 1.1. Conventions used in this document . . . . . . . . . . . . 3 65 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 66 2. PLR Determination . . . . . . . . . . . . . . . . . . . . . . 4 67 2.1. Transit node procedure . . . . . . . . . . . . . . . . . . 4 68 2.2. MP2MP root node procedure . . . . . . . . . . . . . . . . 5 69 2.3. PLR information encoding . . . . . . . . . . . . . . . . . 6 70 3. Using the tLDP session . . . . . . . . . . . . . . . . . . . . 8 71 4. Link or node failure . . . . . . . . . . . . . . . . . . . . . 10 72 4.1. Re-convergence after node/link failure . . . . . . . . . . 11 73 4.1.1. Node failure . . . . . . . . . . . . . . . . . . . . . 11 74 4.1.2. Link failure . . . . . . . . . . . . . . . . . . . . . 12 75 4.1.3. Switching to new primary path . . . . . . . . . . . . 12 76 5. mLDP Capabilities for Node Protection . . . . . . . . . . . . 12 77 5.1. PLR capability . . . . . . . . . . . . . . . . . . . . . . 13 78 5.2. MPT capability . . . . . . . . . . . . . . . . . . . . . . 13 79 5.3. The Protected LSR . . . . . . . . . . . . . . . . . . . . 13 80 5.4. The Node Protection Capability . . . . . . . . . . . . . . 14 81 6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 82 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 15 83 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 84 9. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 16 85 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 86 10.1. Normative References . . . . . . . . . . . . . . . . . . . 16 87 10.2. Informative References . . . . . . . . . . . . . . . . . . 16 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 90 1. Introduction 92 This document describes procedures to support node protection for 93 Point-to-Multipoint and Multipoint-to-Multipoint Label Switched Paths 94 (MP LSPs) that have been built by the "Multipoint Label Distribution 95 Protocol"(mLDP) [RFC6388]. In order to protect a node N, the Point 96 of Local Repair (PLR) LSR of N must learn the Merge Point (MPT) 97 LSR(s) of node N such that traffic can be redirected to them in case 98 node N fails. Redirecting the traffic around the failed node N 99 depends on existing P2P LSPs. The pre-established LSPs originate 100 from the PLR LSR and terminate on the MPT LSRs while bypassing LSR N. 101 The procedures to setup these P2P LSPs are outside the scope of this 102 document, but one can imagine using Resource Reservation Protocol for 103 Traffic Engineering (RSVP-TE) [RFC5420] or Label Distribution 104 Protocol (LDP) Loop Free Alternative (LFA) [RFC5286] based techniques 105 to accomplish this. 107 The solution described in this document notifies the PLR(s) of the 108 MPT LST(s) via signalling using a Targeted LDP (tLDP) session 109 [RFC7060]. By having a tLDP session with the PLR, no additional 110 procedures need to be defined in order to support Make-Before-Break 111 (MBB), Graceful Restart (GR) and Typed Wildcard FEC support. All 112 this is achieved at the expense of having additional tLDP sessions 113 between each MPT and PLR LSR. 115 In order for a node to be protected, the protecterd node, the PLR and 116 the MPT MUST support the procedures as described in this draft. 117 Detecting the protected node, PLR and MPT support these procedures is 118 done using [RFC5561]. 120 1.1. Conventions used in this document 122 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 123 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 124 document are to be interpreted as described in RFC 2119 [RFC2119]. 126 The terms "node" is used to refer to an LSR and used interchangeably. 127 The terms "PLR" and "MPT" are used as shorthand to refer to "PLR LSR" 128 and "MPT LSR" respectively. 130 1.2. Terminology 132 mLDP: Multipoint extensions to LDP. 134 PLR: Point of Local Repair (the LSR that redirects the traffic to 135 one or more Merge Point LSRs). 137 MPT: Merge Point (the LSR that merges the backup LSP with primary 138 LSP. Note, there can be multiple MPT LSRs for a single MP-LSP 139 node protection). 141 tLDP: Targeted LDP. 143 MP LSP: Multi-Point LSP (either a P2MP or MP2MP LSP). 145 root node: The root of either a P2MP or MP2MP LSP as defined in 146 [RFC6388]. 148 2. PLR Determination 150 In order for a MPT to establish a tLDP session with a PLR, it first 151 has to learn the PLR for a particular MP LSP. It is the 152 responsibility of the protected node N to advertise the address of 153 the PLR to the MPT. The PLR address for a MP LSP on node N is the 154 address of the upstream LDP peer, but only when node N is NOT the 155 root node of the MP2MP LSP. If the upstream LDP peer is unable to 156 function as PLR, the procedures in this document do not apply and are 157 out of the scope. If node N is the root node, the procedures are 158 slightly different as described in Section 2.2. The procedures that 159 follow assume that all the participating nodes (N, PLRs, MPTs) are 160 enabled (e.g., by a user configuration) to support and implement the 161 PLR determination feature. 163 The procedures as documented in this draft requires the protected 164 node to be directly connected to the PLR and MPT nodes. This because 165 mLDP depends on unicast routing to determine the upstream LSR and 166 unicast routing (by default) only has information about the next-hop 167 and not beyond that. Support for non-directly connected PLR and MPT 168 nodes is outside the scope of this document. 170 2.1. Transit node procedure 172 Find below the procedures for when the protected node is a transit 173 node along the path to the root. 175 root 176 ^ 177 | 178 (LSR1) 179 . | . 180 . | . 181 . (N) . 182 . / \ . 183 . / \. 184 (LSR2) (LSR3) 185 | | 186 Figure 1. 188 N: The node being protected, 189 ...: Backup LSPs from LSR1 to LSR2 and LSR3. 191 Node N uses the root address of the MP LSP to determine the upstream 192 LSR for a given MP LSP following the procedures as documented in 193 [RFC6388] section 2.4.1.1. The upstream LSR in figure 1 is LSR1 194 because it is the first hop along the shortest path to reach the root 195 address. After determining the upstream LSR, node N (which has the 196 node protection feature enabled), MUST advertise the address of LSR1 197 as the PLR address to the downstream members of the MP LSP (i.e., 198 LSR2 and LSR3) if the given downstream member has announced support 199 for node protection (see Section 5) during Capability negotiation). 200 For the format and encoding of PLR address information, see 201 Section 2.3. 203 Note, in order for the protected traffic to reach nodes LSR2 and 204 LSR3, LSR1 MUST have two unidirectinal LSPs to LSR2 and LSR3, 205 bypassing node N. Procedures how to setup these LSPs are outside the 206 scope of this documemnt. 208 2.2. MP2MP root node procedure 210 Find below the procedures for when the protected node is the root of 211 a MP2MP LSP. Consider figure 2 below; 212 | 213 (LSR1) 214 . | . 215 . | . 216 . (N) . root 217 . / \ . 218 . / \. 219 (LSR2)....(LSR3) 220 | | 221 Figure 2. 223 N: The MP2MP root node being protected. 224 ...: Backup LSPs between LSR1, LSR2 and LSR3. 226 Assume that LSR1, LSR2 and LSR3 are all members of a MP2MP LSP for 227 which N is the root node. Since N is the root of the MP2MP LSP, 228 there is no upstream LSR and no 'single' PLR LSR for protecting node 229 N. In order to protect node N, all the directly connected members of 230 the MP2MP must participate in protecting node N by acting both as PLR 231 and MPT LSR. An LSR will act as MPT for traffic coming from the 232 other LSR(s) and it will act as PLR for traffic it is sending to the 233 other LSR(s). Since node N knows the members of the MP2MP LSP, it 234 will advertise the member list to its directly connected members, 235 excluding the member it is sending to. For example, node N will 236 advertise {LSR3,LSR1} list to LSR2 excluding LSR2 from it. Instead 237 of advertising a single PLR when node N is not the root, a list of 238 PLRs is advertised using the procedures documented in Section 2.3. 240 It should be noted that the MP2MP root node protection mechanism 241 doesn't replace the Root Node Redundancy (RNR) procedures as 242 described in [RFC6388] section 7. The node protection procedures in 243 this draft will help in restoring traffic for the existing MP2MP LSPs 244 after node failure, but a new root node has to be elected eventually 245 in order to allow new MP2MP LSPs to be created. 247 Note, in order for the protected traffic to be exchanged between 248 nodes LSR1, LSR2 and LSR3, bidirectional LSPs have to exist between 249 the LSRs, bypassing node N. Procedures how to setup these LSPs are 250 outside the scope of this documemnt. 252 2.3. PLR information encoding 254 The upstream LSR address is conveyed via an LDP Notification message 255 with an MP Status TLV, where the MP status TLV contains a new "PLR 256 Status Value Element" that specifies the address of the PLR. 258 The new "PLR Status Value Element" is encoded as follows; 259 PLR Status Element: 261 0 1 2 3 262 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 264 | Type = TBA-1 | Length | Addr Family | 265 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 266 | Addr Fam cont | Num PLR entry | | 267 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 268 | | 269 | PLR entry (1 or more) ~ 270 | | 271 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 273 Where 275 Type: PLR Status Value Element (Type TBA-1 to be assigned by IANA) 277 Length: The Length field is an unsigned integer that encodes the 278 length of the Status Value following the Length field. The 279 encoded Length varies based on the Addr Family and the number of 280 PLR entries. 282 Addr Family: Two octet quantity containing a value from IANA's 283 [AFI] registry that encodes the address family for the PLR Address 284 encoded in the PLR entry. 286 Num PLR entry: Element as an unsigned, non-zero integer followed 287 by that number of "PLR entry" fields in the format specified 288 below. 290 The format of a "PLR Entry" is as follows: 292 0 1 2 3 293 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 295 |A| Reserved | PLR address | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 ~ PLR address (cont) ~ 298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 300 Where 302 A bit: 0 = Withdraw, 1 = Add. 304 Reserved: 15 bits, MUST be zero on transmit and ignored on receipt 305 PLR address: PLR Address encoded according to Address Family field 306 encoded in the PLR Status Value Element. Note, the length of the 307 PLR address field is specific to the Address Family that is 308 encoded. 310 The size of a "PLR Entry" is the 2 octets ("A bit + Reserved") + PLR 311 address length. The length of the PLR address is dependent on the 312 Address Family as encoded in the PLR Status Value Element. The size 313 of a "PLR entry" is 6 octets and 18 octets respectively for an IPv4 314 PLR address and an IPv6 PLR address. 316 If the PLR address on N changes for a given MP LSP, N needs to 317 trigger a new PLR Status to update the MPT(s). A node N can 318 advertise or withdraw a given PLR from its PLR set by setting the "A 319 bit" to 1 or 0 respectively in the corresponding PLR entry. Removing 320 a PLR address is likely due to a link failure, see the procedures as 321 documented in Section 4.1. To remove all PLR addresses belonging to 322 the encoded Address Family, an LSR N MUST encode PLR Status Value 323 Element with no PLR entry and "Num PLR entry" field MUST be set to 324 zero. 326 Along with the PLR Status a MP FEC TLV [RFC5036] MUST be included in 327 the LDP Notification message so that a receiver is able to associate 328 the PLR Status with the MP LSP. 330 3. Using the tLDP session 332 The receipt of a PLR MP Status (with PLR addresses) for a MP LSP on a 333 receiving LSR makes it an MPT for node protection. If not already 334 established, the MPT LSR MUST establish a tLDP session with all of 335 the learned PLR addresses using the procedures as documented in 336 [RFC7060]. 338 Using Figure 1 as the reference topology, let us assume that both 339 LSR2 and LSR3 are MPTs and have established a tLDP session with the 340 PLR being LSR1. Assume that both LSR2 and LSR3 have a FEC with 341 a upstream LSR N and label Ln assigned to FEC towards N. The MPTs 342 will create a secondary upstream LSR (using the received PLR address) 343 and assigned a Label Lpx to FEC towards PLR for it. The MPTs 344 will do that for each PLR address that was learned for the MP LSP. 345 In this example, the MPTs will have a FEC with two local labels 346 associated with it. Ln that was assigned to N via the normal mLDP 347 procedures, and Label Lpx that was assigned for PLR (LSR1) for the 348 purpose of node protecting MP LSP via node N. Note, when the 349 protected node is a MP2MP root node, there will be an upstream LSR 350 for each PLR address that was advertised along with a unique Label 351 Lpx. 353 The receipt of a FEC Label Mapping alone over the tLDP session from 354 MPT on a PLR conveys the label information but does not convey the 355 node being protected. The information about a protected node is 356 known to the MPT LSR and needs to be communicated to the PLR as well. 357 For this reason, the FEC Label Mapping (FEC : Lpx) sent by the 358 MPT over the tLDP session to the PLR MUST include a Status TLV with 359 MP Status including a new LDP MP status Value Element called the 360 "Protected Node Status Value Element". This new value element is 361 used to specify the address of the node being protected. The 362 "Protected Node Status Value Element" has the following format; 364 0 1 2 3 365 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 366 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 | Type = TBA-2 | Length | Addr Family | 368 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 | Addr Fam cont | Node address ~ 370 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 372 Type : Protected Node Status Value Element (Type TBA-2 to be 373 assigned by IANA) 375 Length: The Length field is an unsigned integer that encodes the 376 length of the Status Value following the Length field. The 377 encoded Length varies based on the Address Family and is 6 octets 378 (for Address Family + IPv4 address and 18 octets for Address 379 Family + IPv6 address. 381 Addr Family: Two octet quantity containing a value from IANA's 382 [AFI] registry that encodes the address family for the Node 383 Address. 385 Node address: Protected node address encoded according to Address 386 Family field. 388 When a PLR receives a Label Mapping for FEC that includes a 389 Protected Node Status, it will only use that label binding once the 390 Node advertised in the Status value becomes unreachable. If the LSP 391 is a MP2MP LSP, the PLR would have assigned a Label Mapping for the 392 upstream MP2MP FEC Element to the MPT ([RFC6388] section 3) for FEC 393 . This label binding on the MPT MUST only be used once node N 394 becomes unreachable. 396 The procedures to determine if a node is unreachable is a local 397 decision and not spelled out in this draft. Typically link failure 398 or Bidirectional Forwarding Detection (BFD) can be used to determine 399 and detect node unreachability. 401 4. Link or node failure 403 Consider the following topology; 405 root 406 ^ 407 | 408 . (LSR1) 409 . / | . 410 . (M) | . 411 . \ | . 412 . (N) . 413 . / \ . 414 . / \. 415 (LSR2) (LSR3) 416 | | 417 Figure 3. 419 N: The node being protected 420 M: The backup node to protect link LSR1 - N 421 ...; Backup LSPs from LSR1 to LSR2 and LSR3. 423 Assume that LSR1 is the PLR for protected node N, LSR2 and LSR3 are 424 MPTs for node N. When LSR1 discovers that node N is unreachable, it 425 cannot immediately determine whether it is the link from LSR1 to N or 426 the actual node N that has failed. In Figure 3, the link between 427 LSR1 and N is also protected using Fast ReRoute (FRR) [RFC4090] link 428 protection via node M. LSR1 MAY potentially invoke both protection 429 mechanisms at the same time, that is redirection of the traffic using 430 link protection via node M to N, and for node protection directly to 431 LSR1 and LSR2. If only the link failed, LSR2 and LSR3 will receive 432 the packets twice due to the two protection mechanisms. To prevent 433 duplicate packets being forwarded to the receivers on the tree, LSR2 434 and LSR3 need to determine from which upstream node they should 435 accept the packets. This can be either from the primary upstream LSR 436 N or from the secondary upstream LSR1, but never both at the same 437 time. The selection between the primary upstream LSR or (one or 438 more) secondary upstream LSRs (on LSR2 and LSR3) is based on the 439 reachability of the protected node N. As long as N is reachable from 440 an MPT, the MPT should accept and forward the MPLS packets from N. 441 Once N becomes unreachable, the LSPs from secondary upstream PLR LSRs 442 (LSR1 in our example) are activated. Note that detecting if N is 443 unreachable is a local decision and not spelled out in this draft. 445 Typically link failure or Bidirectional Forwarding Detection (BFD) 446 can be used to determine and detect node unreachability. 448 4.1. Re-convergence after node/link failure 450 Consider the following topology; 452 root 453 ^ 454 _ | 455 /. (LSR1) 456 /. /. | .\ 457 /. (M). | .\ 458 (P). \. | .\ 459 \. ( N ) .(Q) 460 \. / \ ./ 461 \. / \ ./ 462 (LSR2) (LSR3) 463 | | 464 Figure 4. 466 N: The node being protected. 467 M: The backup node to protect link 'LSR1 - N'. 468 P and Q: The nodes on the new primary path after failure of node N. 469 ...: P2P backup LSPs. 471 Assume that LSR1 has detected that Node N is unreachable and invoked 472 both the Link Protection and Node Protection procedures as described 473 in this example. LSR1 is acting as PLR and sending traffic over both 474 the backup P2P LSP to node N (via M) and the P2P LSPs directly to 475 LSR2 and LSR3, acting as MPT LSRs. The sequence of events is 476 dependent on whether the link from LSR1 to N has failed or node N 477 itself. The nodes downstream from the protected node (and 478 participating in node protection) MUST have the capability to 479 determine that the protected node has become unreachable. Otherwise 480 the procedures below can not be applied. 482 4.1.1. Node failure 484 If node N failed, both LSR2 and LSR3 will have changed the primary 485 upstream LSR to the secondary upstream LSR (LSR1) due to node N being 486 unreachable. With that, the label bindings previously assigned to 487 LSR1 will be activated on the MPTs (LSR2 and LSR3) and the label 488 binding to N will be disabled. Traffic is now switched over to the 489 label bindings that were installed for node protection. 491 4.1.2. Link failure 493 If the link 'LSR1 - N' has failed, both LSR2 and LSR3 will not change 494 the primary upstream LSR because node N is still reachable. LSR2 and 495 LSR3 will receive traffic over two different bindings, the primary 496 label binding assigned to node N (due to link protection via node M) 497 as well as over the binding assigned to LSR1 for the node protection. 498 Since the secondary upstream LSRs have not been activated, the 499 traffic received due to node protection will be dropped. Node N will 500 re-converge and update LSR2 and LSR3 (Section 2.3) with the 501 information that the PLR address (LSR1) is no longer applicable and 502 must be removed. In response, LSR2 and LSR3 MUST send a Label 503 Withdraw to LSR1 to withdraw the label binding. This will stop the 504 traffic being forwarded over the backup P2P LSPs for node protection. 505 LSR1 will respond back with a Label Release as soon as the binding 506 has been removed. 508 4.1.3. Switching to new primary path 510 The network will eventually re-converge and a new best path to the 511 root will be found by LSR2 and LSR3. LSR2 will find that P is its 512 new primary upstream LSR to reach the Root and LSR3 will find Q. Note 513 that although the current active upstream LSR can either be node N or 514 LSR1 (depending on link or node failure), it does not matter for the 515 following procedures. Both LSR2 and LSR3 SHOULD use the Make-Before- 516 Break (MBB) procedures as described in [RFC6388] section 8 to switch 517 to the new primary upstream node. As soon as the new primary 518 upstream LSRs P and Q are activated, a Label Withdraw message MUST be 519 sent to the old upstream LSR. Note that an upstream LSR switchover 520 from a tLDP neighbor to a directly connected LDP neighbor is no 521 different compared to switching between two directly connected 522 neighbors. After the Label Withdraw message has been received by 523 LSR1 or node N, forwarding will stop and a Label Release will be 524 sent. 526 When it is determined that after re-convergence there is no more 527 interest in the tLDP session between the MPT and the PLR, the tLDP 528 session MAY be taken down. It is possible that having no more 529 interest in the tLDP session is temporarily due to link flapping. In 530 order to avoid the tLDP session from flapping, it is RECOMMENDED to 531 apply a delay before tearing down the session. Determining the delay 532 is a local implementation matter. 534 5. mLDP Capabilities for Node Protection 536 In order to describe the capabilities of the participating LSRs, this 537 document is organizing it per role in the network i.e., Point of 538 Local Repair (PLR), Merge Point (MPT), and Protected Node (as 539 depicted in Fig 1). 541 5.1. PLR capability 543 A PLR node should handle the following conditions; 545 1. Accept an incoming tLDP session from the MPT LSR. 547 2. Support the receipt of a "Protected Node Status Value Element" 548 status in a MP Status TLV over tLDP session. 550 3. Upon node failure detection, capable of switching traffic towards 551 one or more MPT(s) over P2P LSP (bypassing N) using the labels 552 previously advertised for MP LSPs over the tLDP session. 554 An LSR capable of performing these actions will advertise it self as 555 PLR capable in the Node Protection capability (see Section 5.4). 556 This is a unidirectional capability announced from PLR to the 557 protected LSR. 559 5.2. MPT capability 561 An MPT node should handle the following conditions; 563 1. Support the receipt of "PLR Status Value Element" in a MP Status 564 TLV from a protected node N. 566 2. Support to transmit "Protected Node Status Value Element" in a MP 567 Status TLV to a PLR. 569 A LSR capable of performing these actions will advertise itself as 570 MPT capable in the Node Protection capability (see Section 5.4). 571 This is a unidirectional capability from MPT to the protected LSR. 573 5.3. The Protected LSR 575 A protected node should handle the following conditions; 577 1. Determine the PLR and MPT capability for directly connected 578 upstream and downstream LSRs for a given MP FEC. 580 2. Support transmitting of "PLR Status Value Element" in a MP Status 581 TLV to one or more downstream MPT LSRs. 583 The protected LSR does not advertise any capability for mLDP Node 584 Protection because it does not need to receive any of the defined MP 585 Status values as described above. However, the protected node does 586 play an important role in the signaling and setup of the node 587 protection. For a given FEC, the protected node can only send PLR 588 information to a downstream LSR if the PLR has signaled the PLR 589 capability and the downstream LSR has signaled the MPT capability. 590 When the downstream LSR (acting as MPT) receives the PLR status, it 591 can implicitly infer that the advertised LSR(s) are PLR capable. The 592 MPT LSR can now proceed with setting up a tLDP session with the 593 PLR(s) and MP LSP node protection signaling. 595 5.4. The Node Protection Capability 597 We define a single capability "MP Node Protection Capability" to 598 announce the PLR and MPT capability. 600 The format of the capability parameter TLV is as follows: 602 0 1 2 3 603 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 604 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 |U|F| Type = TBA-3 | Length = 2 | 606 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 607 |S| Reserved |P|M| Reserved | 608 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 610 Where 612 U/F bits: MUST be set to 1 and 0 respectively (as per [RFC5561]) 614 Type: MP Node Protection Capability (Type = TBA-3 to be assigned 615 by IANA) 617 Length: Unsigned integer, MUST be set to 2. 619 S bit: Set to 1 to announce and 0 to withdraw the capability (as 620 per [RFC5561]) 622 P bit: Set to 1 to indicate the PLR is capable of MP LSP node 623 protection 625 M bit: Set to 1 to indicate the MPT is capable of MP LSP node 626 protection 628 Reserved: MUST be zero on transmit and ignored on receipt 630 The above capability can be sent in an LDP Initialization message to 631 announce capability at the session establishment time, or it can be 632 sent in LDP Capability message to dynamically update (announce or 633 withdraw) its capability towards its peer using procedures specified 634 in [RFC5561]. 636 An LSR that supports the PLR functionality LSR MAY send this 637 capability to its downstream MP peers with "P" bit set; whereas, an 638 LSR that supports an the MPT functionality MAY send this capability 639 to its upstream peer with "M" bit set. Moreover, an LSR that 640 supports both the PLR and MPT functionality MAY sent this capability 641 to its peers with both "P" and "M" bit set. 643 6. Security Considerations 645 The same security considerations apply as those for the base mLDP 646 specification, as described in [RFC6388] and [RFC5920]. 648 7. IANA considerations 650 IANA is requested to allocate two new code points from the "LDP MP 651 Status Value Element type" registry within the Label Distribution 652 Protocol (LDP) Parameters; 654 Value | Name | Reference 655 ------+----------------------------------------+----------- 656 TBA-1 | PLR Status Value Element | this doc 657 ------+----------------------------------------+----------- 658 TBA-2 | Protected Node Status Value Element | this doc 660 IANA is requested to assign a new code points for a new Capability 661 Parameter TLV. The code point should be assigned from the IETF 662 Consensus range of the "TLV Type Name Space" registry within the LDP 663 Parameters. The lowest available new code point after 0x0970 should 664 be used. 666 Value | Description | Reference | Notes/Reg Date 667 ------+-------------------------------+-----------+--------------- 668 TBA-3 | MP Node Protection Capability | This doc | 670 8. Acknowledgments 672 The authors like to thank Nagendra Kumar, Duan Hong, Martin 673 Vigoureux, Kenji Fujihira, Loa Andersson for their comments and Elwyn 674 Davies for his great review of this document. 676 9. Contributor Addresses 678 Below is a list of other contributing authors in alphabetical order: 680 Eric Rosen 681 Juniper Networks, Inc. 682 10 Technology Park Drive 683 Westford 684 MA 01886 685 USA 686 erosen@juniper.net 688 10. References 690 10.1. Normative References 692 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 693 Requirement Levels", BCP 14, RFC 2119, March 1997. 695 [RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP 696 Specification", RFC 5036, October 2007. 698 [RFC6388] Wijnands, IJ., Minei, I., Kompella, K., and B. Thomas, 699 "Label Distribution Protocol Extensions for Point-to- 700 Multipoint and Multipoint-to-Multipoint Label Switched 701 Paths", RFC 6388, November 2011. 703 [RFC5561] Thomas, B., Raza, K., Aggarwal, S., Aggarwal, R., and JL. 704 Le Roux, "LDP Capabilities", RFC 5561, July 2009. 706 [RFC7060] Napierala, M., Rosen, E., and IJ. Wijnands, "Using LDP 707 Multipoint Extensions on Targeted LDP Sessions", RFC 7060, 708 November 2013. 710 [AFI] "IANA, Address Family Identifier (AFIs), http:// 711 www.iana.org/assignments/address-family-numbers/address- 712 family-numbers.xhtml", July 2013. 714 10.2. Informative References 716 [RFC4090] Pan, P., Swallow, G., and A. Atlas, "Fast Reroute 717 Extensions to RSVP-TE for LSP Tunnels", RFC 4090, 718 May 2005. 720 [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS 721 Networks", RFC 5920, July 2010. 723 Authors' Addresses 725 IJsbrand Wijnands (editor) 726 Cisco Systems, Inc. 727 De kleetlaan 6a 728 Diegem 1831 729 Belgium 731 Email: ice@cisco.com 733 Kamran Raza 734 Cisco Systems, Inc. 735 2000 Innovation Drive 736 Ottawa Ontario K2K-3E8 737 Canada 739 Email: skraza@cisco.com 741 Alia Atlas 742 Juniper Networks, Inc. 743 10 Technology Park Drive 744 Westford MA 01886 745 USA 747 Email: akatlas@juniper.net 749 Jeff Tantsura 750 Ericsson 751 300 Holger Way 752 San Jose CA 95134 753 USA 755 Email: jeff.tantsura@ericsson.com 757 Quintin Zhao 758 Huawei Technology 759 125 Nagog Technology Park 760 Acton MA 01719 761 USA 763 Email: quintin.zhao@huawei.com