One document matched: draft-morin-l3vpn-mvpn-fast-failover-02.xml
<?xml version="1.0"?>
<?rfc toc="yes"?><?rfc tocompact="yes"?><?rfc tocdepth="3"?><?rfc tocindent="yes"?><?rfc symrefs="yes"?><?rfc sortrefs="yes"?><?rfc comments="yes"?><?rfc inline="yes"?><?rfc compact="yes"?><?rfc subcompact="no"?><rfc category="exp" docName="draft-morin-l3vpn-mvpn-fast-failover-02" ipr="trust200811">
<front>
<title abbrev="mVPN fast upstream failover">Multicast VPN fast upstream
failover</title>
<author fullname="Thomas Morin" initials="T." surname="Morin">
<organization>France Telecom - Orange Labs</organization>
<address>
<postal>
<street>2, avenue Pierre Marzin</street>
<city>Lannion</city>
<code>22307</code>
<country>France</country>
</postal>
<email>thomas.morin@orange-ftgroup.com</email>
</address>
</author>
<author fullname="Yakov Rekhter" initials="Y." surname="Rekhter">
<organization>Juniper Networks</organization>
<address>
<postal>
<street>1194 North Mathilda Ave.</street>
<city>Sunnyvale</city>
<region>CA</region>
<code>94089</code>
<country>U.S.A.</country>
</postal>
<email>yakov@juniper.net</email>
</address>
</author>
<author fullname="Rahul Aggarwal" initials="R." surname="Aggarwal">
<organization>Juniper Networks</organization>
<address>
<postal>
<street>1194 North Mathilda Ave.</street>
<city>Sunnyvale</city>
<region>CA</region>
<code>94089</code>
<country>U.S.A.</country>
</postal>
<email>rahul@juniper.net</email>
</address>
</author>
<author fullname="Wim Henderickx" initials="W." surname="Henderickx">
<organization>Alcatel-Lucent</organization>
<address>
<postal>
<street>Copernicuslaan 50</street>
<city>Antwerp</city>
<code>2018</code>
<country>Belgium</country>
</postal>
<email>wim.henderickx@alcatel-lucent.com</email>
</address>
</author>
<author fullname="Praveen Muley" initials="P." surname="Muley">
<organization>Alcatel-Lucent</organization>
<address>
<postal>
<street>701 East Middlefield Rd</street>
<city>Mountain View</city>
<region>CA</region>
<code>94043</code>
<country>U.S.A.</country>
</postal>
<email>praveen.muley@alcatel-lucent.com</email>
</address>
</author>
<date year="2009"/>
<abstract>
<t>This document defines multicast VPN extensions and procedures that
allow fast failover for upstream failures, by allowing downstream PEs to
take into account the status of Provider-Tunnels (P-tunnels) when
selecting the upstream PE for a VPN multicast flow, and extending BGP
mVPN routing so that a C-multicast route can be advertised toward a
standby upstream PE.</t>
</abstract>
<note title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref target="RFC2119">RFC 2119</xref>.</t>
</note>
</front>
<middle>
<section title="Introduction">
<t>In the context of multicast in BGP/MPLS VPNs, it is desirable to
provide mechanisms allowing fast recovery of connectivity on different
types of failures. This document addresses failures of elements in the
provider network that are upstream of PEs connected to VPN sites with
receivers.</t>
<t>The sections <xref format="counter" target="tunnel-status"/>
and <xref format="counter" target="standby-join"/> describe two
independent mechanisms, allowing different levels of resiliency, and
providing different failure coverage:<list style="symbols">
<t>Section <xref format="counter" target="tunnel-status"/>
describes local procedures allowing an egress PE (a PE connected to
a receiver site) to take into account the status of P-Tunnels to
determine the Upstream Multicast Hop (UMH) for a given (C-S,
C-G).</t>
<t>Section <xref format="counter" target="standby-join"/>
describes protocol extensions that can speed up failover by not
requiring any multicast VPN routing message exchange at recovery
time.</t>
</list></t>
<t>Moreover, section <xref format="counter" target="hot-standby"/>
describes a "hot leaf standby" mechanism, that uses a combination of
these two mechanisms. This approach has similarities with the solution
described in <xref target="I-D.karan-mofrr"/> to improve failover
times when PIM routing is used in a network given some topology and
metric constraints.</t>
<t/>
</section>
<section title="Terminology">
<t>The terminology used in this document is the terminology defined in
<xref target="I-D.ietf-l3vpn-2547bis-mcast"/> and <xref target="I-D.ietf-l3vpn-2547bis-mcast-bgp"> </xref>.</t>
</section>
<section anchor="tunnel-status" title="UMH Selection based on tunnel status">
<t>Current <xref target="I-D.ietf-l3vpn-2547bis-mcast">multicast VPN
specifications</xref>, section 5.1, describe the procedures used by a
multicast VPN downstream PE to determine what the upstream multicast hop
(UMH) is for a said (C-S,C-G).</t>
<t>The procedure described here is an OPTIONAL procedure that consist in
having a downstream PE take into account the status of P-tunnels rooted
at each possible upstream PEs, for including or not including each said
PE in the list of candidate UMHs for a said (C-S,C-G) state. The result
is that, if a P-tunnel is "down" (see <xref target="tunnel-status-determination"/>), the PE that is the root
of the P-Tunnel will not be considered for UMH selection, which will
result in the downstream PE to failover to the upstream PE which is next
in the list of candidates.</t>
<t>More precisely, UMH determination for a said (C-S,C-G) will consider
the UMH candidates in the following order:<list style="symbols">
<t>first, the UMH candidates that either (a) advertise a PMSI bound
to a tunnel that is "up", or (b) do not advertise any I- or S- PMSI
applicable to the said (C-S,C-G) but have associated a VRF Route
Import BGP attribute to the unicast VPN route for S (this is
necessary to avoid considering invalid some UMH PEs that use a a
policy where no I-PMSI is advertized for a said VRF and where only
S-PMSI are used, the S-PMSI advertisement being possibly done only
after the upstream PE receives a C-multicast route for (C-S,
C-G)/(C-*, C-G) to be carried over the advertised S-PMSI)</t>
<t>second, the UMH candidates that advertise a PMSI bound to a
tunnel that is "down" -- these will thus be used as a last resort to
ensure a graceful fallback to the basic mVPN UMH selection
procedures in the hypothetical case where a false negative would
occur when determining the status of all tunnels</t>
</list>For a said downstream PE and a said VRF, the P-tunnel
corresponding to a said upstream PE for a said (C-S,C-G) state is the
S-PMSI tunnel advertized by that upstream PE for this (C-S,C-G) and
imported into that VRF, or if there isn't any such S-PMSI, the I-PMSI
tunnel advertized by that PE and imported into that VRF.</t>
<t>Note that this documents assumes that if a site of a given mVPN that
contains C-S is dual-homed to two PEs, then all the other sites of that
mVPN would have two unicast VPN routes (VPN-IPv4 or VPN-IPv6) routes to
C-S, each with its own RD.</t>
<section anchor="tunnel-status-determination" title="Determining the status of a tunnel">
<t>Different factors can be considered to determine the "status" of a
P-tunnel and are described in the following sub-sections. The
procedure proposed here also allows that all downstream PEs don't
apply the same rules to define what the status of a P-tunnel is
(please see <xref target="dups"> </xref>), and some of them will
produce a result that may be different for different downstream PEs.
Thus what is called the "status" of a P-tunnel in this section, is not
a characteristic of the tunnel in itself, but is the status of the
tunnel, <spanx style="strong">as seen from a particular downstream PE</spanx>.</t>
<t>Depending on the criteria used to determine the status of a
P-tunnel, there may be an interaction with other resiliency mechanism
used for the P-tunnel itself, and the UMH update may happen
immediately or may need to be delayed. Each particular case is covered
in each separate sub-section below.</t>
<section title="mVPN tunnel root tracking">
<t>A condition to consider that the status of a P-tunnel is up is
that the root of the tunnel, as determined in the PMSI tunnel
attribute, is reachable through unicast routing tables. In this case
the downstream PE can immediately update its UMH when the
reachability condition changes.</t>
<t>This is similar to BGP next-hop tracking for VPN routes, except
that the address considered is not the BGP next-hop address, but the
root address in the PMSI tunnel attribute.</t>
<t>If BGP next-hop tracking is done for VPN routes, and the root
address of a said tunnel happens to be the same as the next-hop
address in the BGP autodiscovery route advertising the tunnel, then
this mechanisms may be omitted for this tunnel, as it will not bring
any specific benefit.</t>
</section>
<section title="PE-P Upstream link status">
<t>A condition to consider a tunnel status as up can be that the
last-hop link of the P-tunnel is up.</t>
<t>In that case, if the PE can determine that there is no fast
restoration mechanism (such as <xref target="RFC4090">MPLS
FRR</xref>) in place for the P-tunnel, it can update the UMH
immediately. Else, it should wait before updating the UMH, to let
the P-tunnel restoration mechanims happen. A configurable timer MUST
be provided for this purpose, and it is recommended to provide a
reasonable default value for this timer.</t>
</section>
<section title="P2MP RSVP-TE tunnels">
<t>For P-Tunnels of type P2MP MPLS-TE, the status of the P-Tunnel is
considered up if one or more of the P2MP RSVP-TE LSPs, identified by
the P-Tunnel Attribute, are in up state. The determination of
whether a P2MP RSVP-TE LSP is in up state requires Path and Resv
state for the LSP and is based on procedures in <xref target="RFC4875"/>. In this case the downstream PE can
immediately update its UMH when the reachability condition
changes.</t>
<t>When signaling state for a P2MP TE LSP is removed (e.g. if the
ingress of the P2MP TE LSP sends a PathTear message) or the P2MP TE
LSP changes state from up to down as determined by procedures in
<xref target="RFC4875"/>, the status of the corresponding
P-Tunnel SHOULD be re-evaluated. If the P-Tunnel transitions from up
to down state, the upstream PE, that is the ingress of the P-Tunnel,
SHOULD not be considered a valid UMH.</t>
</section>
<section title="Leaf-initiated P-tunnels">
<t>A PE can be removed from the UMH candidate list for a said (S,G)
if the P-tunnel for this S,G (I or S , depending) is leaf triggered
(PIM, mLDP), but for some reason internal to the protocol the
upstream one-hop branch of the tunnel from P to PE cannot be built.
In this case the downstream PE can immediately update its UMH when
the reachability condition changes.</t>
</section>
<section title="P2MP LSP OAM">
<t>When a P2MP connectivity verification mechanism such as <xref target="I-D.katz-ward-bfd-multipoint"/> used in conjunction
with bootstraping mechanisms described in <xref target="I-D.ietf-mpls-mcast-cv"/> has been setup for a tunnel,
the result of the connectivity verification can be used to define
the status of the tree.</t>
<t>If a MultipointHead session has been established on a P2MP MPLS
LSP so that BFD packets are periodically sent from the root toward
leaves, a condition to consider the status of corresponding tunnel
as up is that the BFD SessionState is Up.</t>
<t>When such a procedure is used, in context where fast restoration
mechanisms are used for the P-tunnels, downstream PEs should be
configured to wait before updating the UMH, to let the P-tunnel
restoration mechanims happen. A configurable timer MUST be provided
for this purpose, and it is recommended to provide a reasonable
default value for this timer.</t>
</section>
<section title="(S,G) counter information">
<t>In cases, where the downstream node can be configured so that the
maximum inter-packet time is known for all the multicast flows
mapped on a P-tunnel, the local per-(C-S,C-G) traffic counter
information for traffic received on this P-tunnel can be used to
determine the status of the P-tunnel.</t>
<t>When such a procedure is used, in context where fast restoration
mechanisms are used for the P-tunnels, downstream PEs should be
configured to wait before updating the UMH, to let the P-tunnel
restoration mechanims happen. A configurable timer MUST be provided
for this purpose, and it is recommended to provide a reasonable
default value for this timer.</t>
<t>This method can be applicable for instance when a (S,G) flow is
mapped on an S-PMSI.</t>
<t>In cases where this mechanism is used in conjunction with <xref format="title" target="hot-standby"/>, then no prior knowledge
of the rate of the multicast streams is required ; downstream PEs
can compare reception on the two P-tunnels to determine when one of
them is down.</t>
</section>
</section>
</section>
<section anchor="standby-join" title="Standby C-multicast route">
<t>The procedures described below are limited to the case where the site
that contains C-S is connected to exactly two PEs. The procedures
require all the PEs of that mVPN to follow the single forwarder PE
selection, as specified in <xref target="I-D.ietf-l3vpn-2547bis-mcast"/>. The procedures assume
that if a site of a given mVPN that contains C-S is dual-homed to two
PEs, then all the other sites of that mVPN would have two unicast VPN
routes (VPN-IPv4 or VPN-IPv6) routes to C-S, each with its own RD.</t>
<t>As long as C-S is reachable via both PEs, a said downstream PE will
select one of the PEs connected to C-S as its Upstream PE with respect
to C-S. We will refer to the other PE connected to C-S as the "Standby
Upstream PE". Note that if the connectivity to C-S through the Primary
Upstream PE becomes unavailable, then the PE will select the Standby
Upstream PE as its Upstream PE with respect to C-S.</t>
<t>For readability, in the following sub-sections, the procedures are
described for BGP C-multicast Source Tree Join routes, but they apply
equally to BGP C-multicast Shared Tree Join routes failover for the case
where the customer RP is dual-homed (substitute "C-RP" to "C-S").</t>
<section anchor="ds-behavior" title="Downstream PE behavior">
<t>When a (downstream) PE connected to some site of an mVPN needs to
send a C-multicast route (C-S, C-G), then following the procedures
specified in Section "Originating C-multicast routes by a PE" of <xref target="I-D.ietf-l3vpn-2547bis-mcast-bgp"/> the PE sends the
C-multicast route with RT that identifies the Upstream PE selected by
the PE originating the route. As long as C-S is reachable via the
Primary Upstream PE, the Upstream PE is the Primary Upstream PE. If
C-S is reachable only via the Standby Upstream PE, then the Upstream
PE is the Standby Upstream PE.</t>
<t>If C-S is reachable via both the Primary and the Standby Upstream
PE, then in addition to sending the C-multicast route with an RT that
identifies the Primary Upstream PE, the PE also originates and sends a
C-multicast route with an RT that identifies the Standby Upstream PE.
This route, that has the semantic of being a 'standby' C-multicast
route, is further called a "Standby BGP C-multicast route", and is
constructed as follows:</t>
<t><list style="symbols">
<t>the NLRI is constructed as the original C-multicast route,
except that the RD is the same as if the C-multicast route was
built using the standby PE as the UMH (it will carry the RD
associated to the unicast VPN route advertised by the standby PE
for S)</t>
<t>MUST carry the "Standby PE" BGP Community (this is a new BGP
Community, see <xref target="IANA"/>)</t>
</list></t>
<t>The normal and the standby C-multicast routes must have their Local
Preference attribute adjusted so that, if two C-multicast routes with
same NLRI are received by a BGP peer, one carrying the "Standby PE"
attribute and the other one <spanx style="strong">not</spanx> carrying
the "Standby PE" community, then preference is given to the one <spanx style="strong">not</spanx> carrying the "Standby PE" attribute. Such a
situation can happen when, for instance due to transient unicast
routing inconistencies, two different downstream PEs consider
different upstream PEs to be the primary one ; in that case, without
any precaution taken, both upstream PEs would process a standby
C-multicast route and possibly stop forwarding at the same time. For
this purpose a Standby BGP C-multicast route MUST have the LOCAL_PREF
attribute set to zero.</t>
<t>If at some later point the local PE determines that C-S is no
longer reachable through the Primary Upstream PE, the Standby Upstream
PE becomes the Upstream PE, and the local PE re-sends the C-multicast
route with RT that identifies the Standby Upstream PE, except that now
the route does not carry the Standby PE BGP Community (which results
in replacing the old route with a new route, with the only difference
between these routes being the presence/absence of the Standby PE BGP
Community).</t>
</section>
<section anchor="us-behavior" title="Upstream PE behavior">
<t>When a PE receives a C-multicast route for a particular (C-S, C-G),
and the RT carried in the route results in importing the route into a
particular VRF on the PE, if the route carries the Standby PE BGP
Community, then the PE performs as follows: <list style="hanging">
<t hangText="">when the PE determines that C-S is not reachable
through some other PE, the PE SHOULD install VRF PIM state
corresponding to this Standby BGP C-multicast route (the result
will be that a PIM Join message will be sent to the CE towards
C-S, and that the PE will receive (C-S,C-G) traffic), and the PE
SHOULD forward (C-S, C-G) traffic received by the PE to other PEs
through a P-tunnel rooted at the PE.</t>
</list></t>
<t>Furthermore, irrespective of whether C-S carried in that route is
reachable through some other PE:</t>
<t><list style="hanging">
<t hangText="a)">based on local policy, as soon as the PE receives
this Standby BGP C-multicast route, the PE MAY install VRF PIM
state corresponding to this BGP Source Tree Join route (the result
will be that Join messages will be sent to the CE toward C-S, and
that the PE will receive (C-S,C-G) traffic)</t>
<t hangText="b)">based on local policy, as soon as the PE receives
this Standby BGP C-multicast route, the PE MAY forward (C-S, C-G)
traffic to other PEs through a P-tunnel independently of the
reachability of C-S through some other PE. [note that this implies
also doing (a)]</t>
</list></t>
<t>Doing neither (a), nor (b) for a said (C-S,C-G) is called "cold
root standby".</t>
<t>Doing (a) but not (b) for a said (C-S,C-G) is called "warm root
standby".</t>
<t>Doing (b) (which implies also doing (a)) for a said (C-S,C-G) is
called "hot root standby".</t>
</section>
<section title="Reachability determination">
<t>The standby PE can use the following information to determine that
C-S can or cannot be reached through the primary PE:<list style="symbols">
<t>presence/absence of a unicast VPN route toward C-S</t>
<t>supposing that the standby PE is an egress of the tunnel rooted
at the Primary PE, the standby PE can determine the reachability
of C-S through the Primary PE based on the status of this tunnel,
determined thanks to the same criteria as the ones described in
<xref target="tunnel-status-determination"/> (without using
the UMH selection procedures of <xref target="tunnel-status"/>)</t>
<t>other mechanisms MAY be used</t>
</list></t>
</section>
</section>
<section anchor="hot-standby" title="Hot leaf standby">
<t>The mechanisms defined in the two previous section can be used
together as follows.</t>
<t>The principle is that, for a said VRF (or possibly only for a said
C-S,C-G):<list style="symbols">
<t>downstream PEs advertise a Standby BGP C-multicast route (based
on <xref target="standby-join"/>)</t>
<t>upstream PEs use the "hot standby" optional behavior and thus
will forward traffic for a said multicast state as soon as they have
whether a (primary) BGP C-multicast route or a Standby BGP
C-multicast route for that state (or both)</t>
<t>downstream PEs accept traffic from the primary or standby tunnel,
based on the status of the tunnel (based on <xref target="tunnel-status"/>)</t>
</list></t>
<t>Note that the same level of protection would be achievable with a
simple C-multicast Source Tree Join route advertised to both the primary
and secondary upstream PEs (carrying as Route Target extended
communities, the values of the VRF Route Import attribute of each VPN
route from each upstream PEs). The advantage of using the hot leaf
standby semantic is that by making these downstream PEs always advertise
a Standby C-multicast route to the secondary upstream PE, it allows to
choose the protection level through a change of configuration on the
secondary upstream PE, without requiring any reconfiguration of all the
downstream PEs.</t>
<t>Other combinations of the mechanisms proposed in <xref target="standby-join"/> and <xref target="tunnel-status"/>
are for further study.</t>
</section>
<section anchor="dups" title="Duplicate packets">
<t><xref target="I-D.ietf-l3vpn-2547bis-mcast">Multicast VPN
specifications</xref> impose that a PE only forwards to CEs the packets
coming from the expected usptream PE (Section 9.1).</t>
<t>We highlight the reader's attention to the fact that the respect of
this part of multicast VPN specifications is especially important when
two distinct upstream PEs are succeptible to forward the same traffic on
P-tunnels at the same time in steady state. This will be the case when
"hot root standby" mode is used (<xref target="standby-join"/>),
and which can also be the case if procedures of <xref target="tunnel-status"/> are used and (a) the rules determining
the status of a tree are not the same on two distinct downstream PEs or
(b) the rule determining the status of a tree depend on conditions local
to a PE (e.g. the PE-P upstream link being up).</t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>Allocation is expected from IANA for the BGP "Standby PE" community.
(TBC)</t>
<t>[Note to RFC Editor: this section may be removed on publication as an
RFC.]</t>
</section>
<section anchor="Security" title="Security Considerations">
<t/>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>The authors want to thank Ray Qiu for its review and useful feedback.
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='reference.RFC.2119'?>
<?rfc include='reference.I-D.ietf-l3vpn-2547bis-mcast'
?>
<?rfc include='reference.I-D.ietf-l3vpn-2547bis-mcast-bgp'?>
<?rfc include='reference.RFC.4875'?>
</references>
<references title="Informative References">
<?rfc include='reference.I-D.ietf-mpls-mcast-cv'?>
<?rfc include='reference.I-D.katz-ward-bfd-multipoint'?>
<?rfc ?>
<?rfc include='reference.RFC.4090'?>
<?rfc include='reference.I-D.karan-mofrr'?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 03:18:59 |