summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5286.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc5286.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc5286.txt')
-rw-r--r--doc/rfc/rfc5286.txt1739
1 files changed, 1739 insertions, 0 deletions
diff --git a/doc/rfc/rfc5286.txt b/doc/rfc/rfc5286.txt
new file mode 100644
index 0000000..96907a0
--- /dev/null
+++ b/doc/rfc/rfc5286.txt
@@ -0,0 +1,1739 @@
+
+
+
+
+
+
+Network Working Group A. Atlas, Ed.
+Request for Comments: 5286 BT
+Category: Standards Track A. Zinin, Ed.
+ Alcatel-Lucent
+ September 2008
+
+
+ Basic Specification for IP Fast Reroute: Loop-Free Alternates
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Abstract
+
+ This document describes the use of loop-free alternates to provide
+ local protection for unicast traffic in pure IP and MPLS/LDP networks
+ in the event of a single failure, whether link, node, or shared risk
+ link group (SRLG). The goal of this technology is to reduce the
+ packet loss that happens while routers converge after a topology
+ change due to a failure. Rapid failure repair is achieved through
+ use of precalculated backup next-hops that are loop-free and safe to
+ use until the distributed network convergence process completes.
+ This simple approach does not require any support from other routers.
+ The extent to which this goal can be met by this specification is
+ dependent on the topology of the network.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 1]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 1.1. Failure Scenarios . . . . . . . . . . . . . . . . . . . . 5
+ 1.2. Requirement Language . . . . . . . . . . . . . . . . . . . 8
+ 2. Applicability of Described Mechanisms . . . . . . . . . . . . 8
+ 3. Alternate Next-Hop Calculation . . . . . . . . . . . . . . . . 9
+ 3.1. Basic Loop-Free Condition . . . . . . . . . . . . . . . . 10
+ 3.2. Node-Protecting Alternate Next-Hops . . . . . . . . . . . 10
+ 3.3. Broadcast and Non-Broadcast Multi-Access (NBMA) Links . . 11
+ 3.4. ECMP and Alternates . . . . . . . . . . . . . . . . . . . 12
+ 3.5. Interactions with IS-IS Overload, RFC 3137, and Costed
+ Out Links . . . . . . . . . . . . . . . . . . . . . . . . 13
+ 3.5.1. Interactions with IS-IS Link Attributes . . . . . . . 14
+ 3.6. Selection Procedure . . . . . . . . . . . . . . . . . . . 14
+ 3.7. LFA Types and Trade-Offs . . . . . . . . . . . . . . . . . 18
+ 3.8. A Simplification: Per-Next-Hop LFAs . . . . . . . . . . . 19
+ 4. Using an Alternate . . . . . . . . . . . . . . . . . . . . . . 20
+ 4.1. Terminating Use of Alternate . . . . . . . . . . . . . . . 20
+ 5. Requirements on LDP Mode . . . . . . . . . . . . . . . . . . . 22
+ 6. Routing Aspects . . . . . . . . . . . . . . . . . . . . . . . 22
+ 6.1. Multi-Homed Prefixes . . . . . . . . . . . . . . . . . . . 22
+ 6.2. IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 24
+ 6.3. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
+ 6.3.1. OSPF External Routing . . . . . . . . . . . . . . . . 24
+ 6.3.2. OSPF Multi-Topology . . . . . . . . . . . . . . . . . 25
+ 6.4. BGP Next-Hop Synchronization . . . . . . . . . . . . . . . 25
+ 6.5. Multicast Considerations . . . . . . . . . . . . . . . . . 25
+ 7. Security Considerations . . . . . . . . . . . . . . . . . . . 25
+ 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26
+ 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26
+ 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26
+ 9.2. Informative References . . . . . . . . . . . . . . . . . . 26
+ Appendix A. OSPF Example Where LFA Based on Local Area
+ Topology Is Insufficient . . . . . . . . . . . . . . 27
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 2]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+1. Introduction
+
+ Applications for interactive multimedia services such as Voice over
+ IP (VoIP) and pseudowires can be very sensitive to traffic loss, such
+ as occurs when a link or router in the network fails. A router's
+ convergence time is generally on the order of hundreds of
+ milliseconds; the application traffic may be sensitive to losses
+ greater than tens of milliseconds.
+
+ As discussed in [FRAMEWORK], minimizing traffic loss requires a
+ mechanism for the router adjacent to a failure to rapidly invoke a
+ repair path, which is minimally affected by any subsequent re-
+ convergence. This specification describes such a mechanism that
+ allows a router whose local link has failed to forward traffic to a
+ pre-computed alternate until the router installs the new primary
+ next-hops based upon the changed network topology. The terminology
+ used in this specification is given in [FRAMEWORK]. The described
+ mechanism assumes that routing in the network is performed using a
+ link-state routing protocol -- OSPF [RFC2328] [RFC2740] [RFC5340] or
+ IS-IS [RFC1195] [RFC2966] (for IPv4 or IPv6). The mechanism also
+ assumes that both the primary path and the alternate path are in the
+ same routing area.
+
+ When a local link fails, a router currently must signal the event to
+ its neighbors via the IGP, recompute new primary next-hops for all
+ affected prefixes, and only then install those new primary next-hops
+ into the forwarding plane. Until the new primary next-hops are
+ installed, traffic directed towards the affected prefixes is
+ discarded. This process can take hundreds of milliseconds.
+
+ <--
+ +-----+
+ /------| S |--\
+ / +-----+ \
+ / 5 8 \
+ / \
+ +-----+ +-----+
+ | E | | N_1 |
+ +-----+ +-----+
+ \ /
+ \ \ 4 3 / /
+ \| \ / |/
+ -+ \ +-----+ / +-
+ \---| D |---/
+ +-----+
+
+ Figure 1: Basic Topology
+
+
+
+
+Atlas, et al. Standards Track [Page 3]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ The goal of IP Fast Reroute (IPFRR) is to reduce failure reaction
+ time to 10s of milliseconds by using a pre-computed alternate next-
+ hop, in the event that the currently selected primary next-hop fails,
+ so that the alternate can be rapidly used when the failure is
+ detected. A network with this feature experiences less traffic loss
+ and less micro-looping of packets than a network without IPFRR.
+ There are cases where traffic loss is still a possibility since IPFRR
+ coverage varies, but in the worst possible situation a network with
+ IPFRR is equivalent with respect to traffic convergence to a network
+ without IPFRR.
+
+ To clarify the behavior of IP Fast Reroute, consider the simple
+ topology in Figure 1. When router S computes its shortest path to
+ router D, router S determines to use the link to router E as its
+ primary next-hop. Without IP Fast Reroute, that link is the only
+ next-hop that router S computes to reach D. With IP Fast Reroute, S
+ also looks for an alternate next-hop to use. In this example, S
+ would determine that it could send traffic destined to D by using the
+ link to router N_1 and therefore S would install the link to N_1 as
+ its alternate next-hop. At some later time, the link between router
+ S and router E could fail. When that link fails, S and E will be the
+ first to detect it. On detecting the failure, S will stop sending
+ traffic destined for D towards E via the failed link, and instead
+ send the traffic to S's pre-computed alternate next-hop, which is the
+ link to N_1, until a new SPF is run and its results are installed.
+ As with the primary next-hop, an alternate next-hop is computed for
+ each destination. The process of computing an alternate next-hop
+ does not alter the primary next-hop computed via a standard SPF.
+
+ If in the example of Figure 1, the link cost from N_1 to D increased
+ to 30 from 3, then N_1 would not be a loop-free alternate, because
+ the cost of the path from N_1 to D via S would be 17 while the cost
+ from N_1 directly to D would be 30. In real networks, we may often
+ face this situation. The existence of a suitable loop-free alternate
+ next-hop is dependent on the topology and the nature of the failure
+ for which the alternate is calculated.
+
+ This specification uses the terminology introduced in [FRAMEWORK].
+ In particular, it uses Distance_opt(X,Y), abbreviated to D_opt(X,Y),
+ to indicate the shortest distance from X to Y. S is used to indicate
+ the calculating router. N_i is a neighbor of S; N is used as an
+ abbreviation when only one neighbor is being discussed. D is the
+ destination under consideration.
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 4]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ A neighbor N can provide a loop-free alternate (LFA) if and only if
+
+ Distance_opt(N, D) < Distance_opt(N, S) + Distance_opt(S, D)
+
+ Inequality 1: Loop-Free Criterion
+
+ A subset of loop-free alternates are downstream paths that must meet
+ a more restrictive condition that is applicable to more complex
+ failure scenarios:
+
+ Distance_opt(N, D) < Distance_opt(S, D)
+
+ Inequality 2: Downstream Path Criterion
+
+1.1. Failure Scenarios
+
+ The alternate next-hop can protect against a single link failure, a
+ single node failure, failure of one or more links within a shared
+ risk link group, or a combination of these. Whenever a failure
+ occurs that is more extensive than what the alternate was intended to
+ protect, there is the possibility of temporarily looping traffic
+ (note again, that such a loop would only last until the next complete
+ SPF calculation). The example where a node fails when the alternate
+ provided only link protection is illustrated below. If unexpected
+ simultaneous failures occur, then micro-looping may occur since the
+ alternates are not pre-computed to avoid the set of failed links.
+
+ If only link protection is provided and the node fails, it is
+ possible for traffic using the alternates to experience micro-
+ looping. This issue is illustrated in Figure 2. If Link(S->E)
+ fails, then the link-protecting alternate via N will work correctly.
+ However, if router E fails, then both S and N will detect a failure
+ and switch to their alternates. In this example, that would cause S
+ to redirect the traffic to N and N to redirect the traffic to S and
+ thus causing a forwarding loop. Such a scenario can arise because
+ the key assumption, that all other routers in the network are
+ forwarding based upon the shortest path, is violated because of a
+ second simultaneous correlated failure -- another link connected to
+ the same primary neighbor. If there are not other protection
+ mechanisms to handle node failure, a node failure is still a concern
+ when only using link-protecting LFAs.
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 5]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ <@@@
+ @@@>
+ +-----+ +-----+
+ | S |-------| N |
+ +-+---+ 5 +-----+
+ | |
+ | 5 4 | |
+ | | | \|/
+ \|/ | |
+ | +-----+ |
+ +----| E |---+
+ +--+--+
+ |
+ |
+ | 10
+ |
+ +--+--+
+ | D |
+ +-----+
+
+ Figure 2: Link-Protecting Alternates Causing Loop on Node Failure
+
+ Micro-looping of traffic via the alternates caused when a more
+ extensive failure than planned for occurs can be prevented via
+ selection of only downstream paths as alternates. A micro-loop due
+ to the use of alternates can be avoided by using downstream paths
+ because each succeeding router in the path to the destination must be
+ closer to the destination than its predecessor (according to the
+ topology prior to the failures). Although use of downstream paths
+ ensures that the micro-looping via alternates does not occur, such a
+ restriction can severely limit the coverage of alternates. In
+ Figure 2, S would be able to use N as a downstream alternate, but N
+ could not use S; therefore, N would have no alternate and would
+ discard the traffic, thus avoiding the micro-loop.
+
+ As shown above, the use of either a node-protecting LFA (described in
+ Section 3.2) or a downstream path provides protection against micro-
+ looping in the event of node failure. There are topologies where
+ there may be either a node-protecting LFA, a downstream path, both,
+ or neither. A node may select either a node-protecting LFA or a
+ downstream path without risk of causing micro-loops in the event of
+ neighbor node failure. While a link-and-node-protecting LFA
+ guarantees protection against either link or node failure, a
+ downstream path provides protection only against a link failure and
+ may or may not provide protection against a node failure depending on
+ the protection available at the downstream node, but it cannot cause
+ a micro-loop. For example, in Figure 2, if S uses N as a downstream
+ path, although no looping can occur, the traffic will not be
+
+
+
+Atlas, et al. Standards Track [Page 6]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ protected in the event of the failure of node E because N has no
+ viable repair path, and it will simply discard the packet. However,
+ if N had a link-and-node-protecting LFA or downstream path via some
+ other path (not shown), then the repair may succeed.
+
+ Since the functionality of link-and-node-protecting LFAs is greater
+ than that of link-protecting downstream paths, a router SHOULD select
+ a link-and-node-protecting LFA over a link-protecting downstream
+ path. If there are any destinations for which a link-and-node-
+ protecting LFA is not available, then by definition the path to all
+ of those destinations from any neighbor of the computing router (S)
+ must be through the node (E) being protected (otherwise there would
+ be a node protecting LFA for that destination). Consequently, if
+ there exists a downstream path to the protected node as destination,
+ then that downstream path may be used for all those destinations for
+ which a link-and-node-protecting LFA is not available; the existence
+ of a downstream path can be determined by a single check of the
+ condition Distance_opt(N, E) < Distance_opt(S, E).
+
+ It may be desirable to find an alternate that can protect against
+ other correlated failures (of which node failure is a specific
+ instance). In the general case, these are handled by shared risk
+ link groups (SRLGs) where any links in the network can belong to the
+ SRLG. General SRLGs may add unacceptably to the computational
+ complexity of finding a loop-free alternate.
+
+ However, a sub-category of SRLGs is of interest and can be applied
+ only during the selection of an acceptable alternate. This sub-
+ category is to express correlated failures of links that are
+ connected to the same router, for example, if there are multiple
+ logical sub-interfaces on the same physical interface, such as VLANs
+ on an Ethernet interface, if multiple interfaces use the same
+ physical port because of channelization, or if multiple interfaces
+ share a correlated failure because they are on the same line-card.
+ This sub-category of SRLGs will be referred to as local-SRLGs. A
+ local-SRLG has all of its member links with one end connected to the
+ same router. Thus, router S could select a loop-free alternate that
+ does not use a link in the same local-SRLG as the primary next-hop.
+ The failure of local-SRLGs belonging to E can be protected against
+ via node protection, i.e., picking a loop-free node-protecting
+ alternate.
+
+ Where SRLG protection is provided, it is in the context of the
+ particular OSPF or IS-IS area, whose topology is used in the SPF
+ computations to compute the loop-free alternates. If an SRLG
+ contains links in multiple areas, then separate SRLG-protecting
+ alternates would be required in each area that is traversed by the
+ affected traffic.
+
+
+
+Atlas, et al. Standards Track [Page 7]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+1.2. Requirement Language
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [RFC2119].
+
+2. Applicability of Described Mechanisms
+
+ IP Fast Reroute mechanisms described in this memo cover intra-domain
+ routing only, with OSPF [RFC2328] [RFC2740] [RFC5340] or IS-IS
+ [RFC1195] [RFC2966] as the IGP. Specifically, Fast Reroute for BGP
+ inter-domain routing is not part of this specification.
+
+ Certain aspects of OSPF inter-area routing behavior explained in
+ Section 6.3 and Appendix A impact the ability of the router
+ calculating the backup next-hops to assess traffic trajectories. In
+ order to avoid micro-looping and ensure required coverage, certain
+ constraints are applied to multi-area OSPF networks:
+
+ a. Loop-free alternates should not be used in the backbone area if
+ there are any virtual links configured unless, for each transit
+ area, there is a full mesh of virtual links between all Area
+ Border Routers (ABRs) in that area. Loop-free alternates may be
+ used in non-backbone areas regardless of whether there are
+ virtual links configured.
+
+ b. Loop-free alternates should not be used for inter-area routes in
+ an area that contains more than one alternate ABR [RFC3509].
+
+ c. Loop-free alternates should not be used for AS External routes or
+ Autonomous System Border Router (ASBR) routes in a non-backbone
+ area of a network where there exists an ABR that is announced as
+ an ASBR in multiple non-backbone areas and there exists another
+ ABR that is in at least two of the same non-backbone areas.
+
+ d. Loop-free alternates should not be used in a non-backbone area of
+ a network for AS External routes where an AS External prefix is
+ advertised with the same type of external metric by multiple
+ ASBRs, which are in different non-backbone areas, with a
+ forwarding address of 0.0.0.0 or by one or more ASBRs with
+ forwarding addresses in multiple non-backbone areas when an ABR
+ exists simultaneously in two or more of those non-backbone areas.
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 8]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+3. Alternate Next-Hop Calculation
+
+ In addition to the set of primary next-hops obtained through a
+ shortest path tree (SPT) computation that is part of standard link-
+ state routing functionality, routers supporting IP Fast Reroute also
+ calculate a set of backup next-hops that are engaged when a local
+ failure occurs. These backup next-hops are calculated to provide the
+ required type of protection (i.e., link-protecting and/or node-
+ protecting) and to guarantee that when the expected failure occurs,
+ forwarding traffic through them will not result in a loop. Such
+ next-hops are called loop-free alternates or LFAs throughout this
+ specification.
+
+ In general, to be able to calculate the set of LFAs for a specific
+ destination D, a router needs to know the following basic pieces of
+ information:
+
+ o Shortest-path distance from the calculating router to the
+ destination (Distance_opt(S, D))
+
+ o Shortest-path distance from the router's IGP neighbors to the
+ destination (Distance_opt(N, D))
+
+ o Shortest path distance from the router's IGP neighbors to itself
+ (Distance_opt(N, S))
+
+ o Distance_opt(S, D) is normally available from the regular SPF
+ calculation performed by the link-state routing protocols.
+ Distance_opt(N, D) and Distance_opt(N, S) can be obtained by
+ performing additional SPF calculations from the perspective of
+ each IGP neighbor (i.e., considering the neighbor's vertex as the
+ root of the SPT--called SPT(N) hereafter--rather than the
+ calculating router's one, called SPT(S)).
+
+ This specification defines a form of SRLG protection limited to those
+ SRLGs that include a link to which the calculating router is directly
+ connected. Only that set of SRLGs could cause a local failure; the
+ calculating router only computes alternates to handle a local
+ failure. Information about local link SRLG membership is manually
+ configured. Information about remote link SRLG membership may be
+ dynamically obtained using [RFC4205] or [RFC4203]. Define
+ SRLG_local(S) to be the set of SRLGs that include a link to which the
+ calculating router S is directly connected Only SRLG_local(S) is of
+ interest during the calculation, but the calculating router must
+ correctly handle changes to SRLG_local(S) triggered by local link
+ SRLG membership changes.
+
+
+
+
+
+Atlas, et al. Standards Track [Page 9]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ In order to choose among all available LFAs that provide required
+ SRLG protection for a given destination, the calculating router needs
+ to track the set of SRLGs in SRLG_local(S) that the path through a
+ specific IGP neighbor involves. To do so, each node D in the network
+ topology is associated with SRLG_set(N, D), which is the set of SRLGs
+ that would be crossed if traffic to D was forwarded through N. To
+ calculate this set, the router initializes SRLG_set(N, N) for each of
+ its IGP neighbors to be empty. During the SPT(N) calculation, when a
+ new vertex V is added to the SPT, its SRLG_set(N, V) is set to the
+ union of SRLG sets associated with its parents, and the SRLG sets in
+ SRLG_local(S) that are associated with the links from V's parents to
+ V. The union of the set of SRLGs associated with a candidate
+ alternate next-hop and the SRLG_set(N, D) for the neighbor reached
+ via that candidate next-hop is used to determine SRLG protection.
+
+ The following sections provide information required for calculation
+ of LFAs. Sections 3.1 through 3.4 define different types of LFA
+ conditions. Section 3.5 describes constraints imposed by the IS-IS
+ overload and OSPF stub router functionality. Section 3.6 defines the
+ summarized algorithm for LFA calculation using the definitions in the
+ previous sections.
+
+3.1. Basic Loop-Free Condition
+
+ Alternate next hops used by implementations following this
+ specification MUST conform to at least the loop-freeness condition
+ stated above in Inequality 1. This condition guarantees that
+ forwarding traffic to an LFA will not result in a loop after a link
+ failure.
+
+ Further conditions may be applied when determining link-protecting
+ and/or node-protecting alternate next-hops as described in Sections
+ 3.2 and 3.3.
+
+3.2. Node-Protecting Alternate Next-Hops
+
+ For an alternate next-hop N to protect against node failure of a
+ primary neighbor E for destination D, N must be loop-free with
+ respect to both E and D. In other words, N's path to D must not go
+ through E. This is the case if Inequality 3 is true, where N is the
+ neighbor providing a loop-free alternate.
+
+ Distance_opt(N, D) < Distance_opt(N, E) + Distance_opt(E, D)
+
+ Inequality 3: Criteria for a Node-Protecting Loop-Free Alternate
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 10]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ If Distance_opt(N,D) = Distance_opt(N, E) + Distance_opt(E, D), it is
+ possible that N has equal-cost paths and one of those could provide
+ protection against E's node failure. However, it is equally possible
+ that one of N's paths goes through E, and the calculating router has
+ no way to influence N's decision to use it. Therefore, it SHOULD be
+ assumed that an alternate next-hop does not offer node protection if
+ Inequality 3 is not met.
+
+3.3. Broadcast and Non-Broadcast Multi-Access (NBMA) Links
+
+ Verification of the link-protection property of a next-hop in the
+ case of a broadcast link is more elaborate than for a point-to-point
+ link. This is because a broadcast link is represented as a pseudo-
+ node with zero-cost links connecting it to other nodes.
+
+ Because failure of an interface attached to a broadcast segment may
+ mean loss of connectivity of the whole segment, the condition
+ described for broadcast link protection is pessimistic and requires
+ that the alternate is loop-free with regard to the pseudo-node.
+ Consider the example in Figure 3.
+
+ +-----+ 15
+ | S |--------
+ +-----+ |
+ | 5 |
+ | |
+ | 0 |
+ /----\ 0 5 +-----+
+ | PN |-----| N |
+ \----/ +-----+
+ | 0 |
+ | | 8
+ | 5 |
+ +-----+ 5 +-----+
+ | E |----| D |
+ +-----+ +-----+
+
+ Figure 3: Loop-Free Alternate That Is Link-Protecting
+
+ In Figure 3, N offers a loop-free alternate that is link-protecting.
+ If the primary next-hop uses a broadcast link, then an alternate
+ SHOULD be loop-free with respect to that link's pseudo-node (PN) to
+ provide link protection. This requirement is described in Inequality
+ 4 below.
+
+ D_opt(N, D) < D_opt(N, PN) + D_opt(PN, D)
+
+ Inequality 4: Loop-Free Link-Protecting Criterion for Broadcast Links
+
+
+
+Atlas, et al. Standards Track [Page 11]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ Because the shortest path from the pseudo-node goes through E, if a
+ loop-free alternate from a neighbor N is node-protecting, the
+ alternate will also be link-protecting unless the router S can only
+ reach the alternate neighbor N via the same pseudo-node. Since this
+ is the only case for which a node-protecting LFA is not link-
+ protecting, this implies that for point-to-point interfaces, an LFA
+ that is node-protecting is always link-protecting. Because S can
+ direct the traffic away from the shortest path to use the alternate
+ N, traffic might pass through the same broadcast link as it would
+ when S sent the traffic to the primary E. Thus, an LFA from N that
+ is node-protecting is not automatically link-protecting for a
+ broadcast or NBMA link.
+
+ To obtain link protection, it is necessary both that the path from
+ the selected alternate next-hop does not traverse the link of
+ interest and that the link used from S to reach that alternate next-
+ hop is not the link of interest. The latter can only occur with non-
+ point-to-point links. Therefore, if the primary next-hop is across a
+ broadcast or NBMA interface, it is necessary to consider link
+ protection during the alternate selection. To clarify, consider the
+ topology in Figure 3. For N to provide link protection, it is first
+ necessary that N's shortest path to D does not traverse the pseudo-
+ node PN. Second, it is necessary that the alternate next-hop
+ selected by S does not traverse PN. In this example, S's shortest
+ path to N is via the pseudo-node. Thus, to obtain link protection, S
+ must find a next-hop to N (the point-to-point link from S to N in
+ this example) that avoids the pseudo-node PN.
+
+ Similar consideration of the link from S to the selected alternate
+ next-hop as well as the path from the selected alternate next-hop is
+ also necessary for SRLG protection. S's shortest path to the
+ selected neighbor N may not be acceptable as an alternate next-hop to
+ provide SRLG protection, even if the path from N to D can provide
+ SRLG protection.
+
+3.4. ECMP and Alternates
+
+ With Equal-Cost Multi-Path (ECMP), a prefix may have multiple primary
+ next-hops that are used to forward traffic. When a particular
+ primary next-hop fails, alternate next-hops should be used to
+ preserve the traffic. These alternate next-hops may themselves also
+ be primary next-hops, but need not be. Other primary next-hops are
+ not guaranteed to provide protection against the failure scenarios of
+ concern.
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 12]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ 20 L1 L3 3
+ [ N ]----[ S ]--------[ E3 ]
+ | | |
+ | 5 | L2 |
+ 20 | | |
+ | --------- | 2
+ | 5 | | 5 |
+ | [ E1 ] [ E2 ]-----|
+ | | |
+ | 10 | 10 |
+ |---[ A ] [ B ]
+ | |
+ 2 |--[ D ]-| 2
+
+ Figure 4: ECMP Where Primary Next-Hops Provide Limited Protection
+
+ In Figure 4 S has three primary next-hops to reach D; these are L2 to
+ E1, L2 to E2, and L3 to E3. The primary next-hop L2 to E1 can obtain
+ link and node protection from L3 to E3, which is one of the other
+ primary next-hops; L2 to E1 cannot obtain link protection from the
+ other primary next-hop L2 to E2. Similarly, the primary next-hop L2
+ to E2 can only get node protection from L2 to E1 and can only get
+ link protection from L3 to E3. The third primary next-hop L3 to E3
+ can obtain link and node protection from L2 to E1 and from L2 to E2.
+ It is possible for both the primary next-hop L2 to E2 and the primary
+ next-hop L2 to E1 to obtain an alternate next-hop that provides both
+ link and node protection by using L1.
+
+ Alternate next-hops are determined for each primary next-hop
+ separately. As with alternate selection in the non-ECMP case, these
+ alternate next-hops should maximize the coverage of the failure
+ cases.
+
+3.5. Interactions with IS-IS Overload, RFC 3137, and Costed Out Links
+
+ As described in [RFC3137], there are cases where it is desirable not
+ to have a router used as a transit node. For those cases, it is also
+ desirable not to have the router used on an alternate path.
+
+ For computing an alternate, a router MUST NOT use an alternate next-
+ hop that is along a link whose cost or reverse cost is LSInfinity
+ (for OSPF) or the maximum cost (for IS-IS) or that has the overload
+ bit set (for IS-IS). For a broadcast link, the reverse cost
+ associated with a potential alternate next-hop is the cost towards
+ the pseudo-node advertised by the next-hop router. For point-to-
+ point links, if a specific link from the next-hop router cannot be
+ associated with a particular link, then the reverse cost considered
+ is that of the minimum cost link from the next-hop router back to S.
+
+
+
+Atlas, et al. Standards Track [Page 13]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ In the case of OSPF, if all links from router S to a neighbor N_i
+ have a reverse cost of LSInfinity, then router S MUST NOT use N_i as
+ an alternate.
+
+ Similarly in the case of IS-IS, if N_i has the overload bit set, then
+ S MUST NOT consider using N_i as an alternate.
+
+ This preserves the desired behavior of diverting traffic away from a
+ router that is following [RFC3137], and it also preserves the desired
+ behavior when an operator sets the cost of a link to LSInfinity for
+ maintenance that is not permitting traffic across that link unless
+ there is no other path.
+
+ If a link or router that is costed out was the only possible
+ alternate to protect traffic from a particular router S to a
+ particular destination, then there should be no alternate provided
+ for protection.
+
+3.5.1. Interactions with IS-IS Link Attributes
+
+ [RFC5029] describes several flags whose interactions with LFAs need
+ to be defined. A router SHOULD NOT specify the "local protection
+ available" flag as a result of having LFAs. A router SHOULD NOT use
+ an alternate next-hop that is along a link for which the link has
+ been advertised with the attribute "link excluded from local
+ protection path" or with the attribute "local maintenance required".
+
+3.6. Selection Procedure
+
+ A router supporting this specification SHOULD attempt to select at
+ least one loop-free alternate next-hop for each primary next-hop used
+ for a given prefix. A router MAY decide to not use an available
+ loop-free alternate next-hop. A reason for such a decision might be
+ that the loop-free alternate next-hop does not provide protection for
+ the failure scenario of interest.
+
+ The alternate selection should maximize the coverage of the failure
+ cases.
+
+ When calculating alternate next-hops, the calculating router S
+ applies the following rules.
+
+ 1. S SHOULD select a loop-free node-protecting alternate next-hop,
+ if one is available. If no loop-free node-protecting alternate
+ is available, then S MAY select a loop-free link-protecting
+ alternate.
+
+
+
+
+
+Atlas, et al. Standards Track [Page 14]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ 2. If S has a choice between a loop-free link-and-node-protecting
+ alternate and a loop-free node-protecting alternate that is not
+ link-protecting, S SHOULD select a loop-free link-and-node-
+ protecting alternate. This can occur as explained in
+ Section 3.3.
+
+ 3. If S has multiple primary next-hops, then S SHOULD select as a
+ loop-free alternate either one of the other primary next-hops or
+ a loop-free node-protecting alternate if available. If no loop-
+ free node-protecting alternate is available and no other primary
+ next-hop can provide link-protection, then S SHOULD select a
+ loop-free link-protecting alternate.
+
+ 4. Implementations SHOULD support a mode where other primary next-
+ hops satisfying the basic loop-free condition and providing at
+ least link or node protection are preferred over any non-primary
+ alternates. This mode is provided to allow the administrator to
+ preserve traffic patterns based on regular ECMP behavior.
+
+ 5. Implementations considering SRLGs MAY use SRLG protection to
+ determine that a node-protecting or link-protecting alternate is
+ not available for use.
+
+ Following the above rules maximizes the level of protection and use
+ of primary (ECMP) next-hops.
+
+ Each next-hop is associated with a set of non-mutually-exclusive
+ characteristics based on whether it is used as a primary next-hop to
+ a particular destination D, and the type of protection it can provide
+ relative to a specific primary next-hop E:
+
+ Primary Path - The next-hop is used by S as primary.
+
+ Loop-Free Node-Protecting Alternate - This next-hop satisfies
+ Inequality 1 and Inequality 3. The path avoids S, S's primary
+ neighbor E, and the link from S to E.
+
+ Loop-Free Link-Protecting Alternate - This next-hop satisfies
+ Inequality 1 but not Inequality 3. If the primary next-hop uses a
+ broadcast link, then this next-hop satisfies Inequality 4.
+
+ An alternate path may also provide none, some, or complete SRLG
+ protection as well as node and link or link protection. For
+ instance, a link may belong to two SRLGs G1 and G2. The alternate
+ path might avoid other links in G1 but not G2, in which case the
+ alternate would only provide partial SRLG protection.
+
+
+
+
+
+Atlas, et al. Standards Track [Page 15]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ Below is an algorithm that can be used to calculate loop-free
+ alternate next-hops. The algorithm is given for informational
+ purposes, and implementations are free to use any other algorithm as
+ long as it satisfies the rules described above.
+
+ The following procedure describes how to select an alternate next-
+ hop. The procedure is described to determine alternate next-hops to
+ use to reach each router in the topology. Prefixes that are
+ advertised by a single router can use the alternate next-hop computed
+ for the router to which they are attached. The same procedure can be
+ used to reach a prefix that is advertised by more than one router
+ when the logical topological transformation described in Section 6.1
+ is used.
+
+ S is the computing router. S has neighbors N_1 to N_j. A candidate
+ next-hop is indicated by (outgoing link, neighbor) and the outgoing
+ link must be bidirectionally connected, as is determined by the IGP.
+ The candidate next-hops of S are enumerated as H_1 through H_k.
+ Recall that S may have multiple next-hops over different interfaces
+ to a neighbor. H_i.link refers to the outgoing link of that next-hop
+ and H_i.neighbor refers to the neighbor of that next-hop.
+
+ For a particular destination router D, let S have already computed
+ D_opt(S, D), and for each neighbor N_i, D_opt(N_i, D), D_opt(N_i, S),
+ and D_opt(N_i, N_j), the distance from N_i to each other neighbor
+ N_j, and the set of SRLGs traversed by the path D_opt(N_i, D). S
+ should follow the below procedure for every primary next-hop selected
+ to reach D. This set of primary next-hops is represented P_1 to P_p.
+ This procedure finds the alternate next-hop(s) for P_i.
+
+ First, initialize the alternate information for P_i as follows:
+
+ P_i.alt_next_hops = {}
+ P_i.alt_type = NONE
+ P_i.alt_link-protect = FALSE
+ P_i.alt_node-protect = FALSE
+ P_i.alt_srlg-protect = {}
+
+ For each candidate next-hop H_h,
+
+ 1. Initialize variables as follows:
+
+ cand_type = NONE
+ cand_link-protect = FALSE
+ cand_node-protect = FALSE
+ cand_srlg-protect = {}
+
+
+
+
+
+Atlas, et al. Standards Track [Page 16]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ 2. If H_h is P_i, skip it and continue to the next candidate next-
+ hop.
+
+ 3. If H_h.link is administratively allowed to be used as an
+ alternate,
+
+ and the cost of H_h.link is less than the maximum,
+ and the reverse cost of H_h is less than the maximum,
+ and H_h.neighbor is not overloaded (for IS-IS),
+ and H_h.link is bidirectional,
+
+ then H_h can be considered as an alternate. Otherwise, skip it
+ and continue to the next candidate next-hop.
+
+ 4. If D_opt( H_h.neighbor, D) >= D_opt( H_h.neighbor, S) + D_opt(S,
+ D), then H_h is not loop-free. Skip it and continue to the next
+ candidate next-hop.
+
+ 5. cand_type = LOOP-FREE.
+
+ 6. If H_h is a primary next-hop, set cand_type to PRIMARY.
+
+ 7. If H_h.link is not P_i.link, set cand_link-protect to TRUE.
+
+ 8. If D_opt(H_h.neighbor, D) < D_opt(H_h.neighbor, P_i.neighbor) +
+ D_opt(P_i.neighbor, D), set cand_node-protect to TRUE.
+
+ 9. If the router considers SRLGs, then set the cand_srlg-protect to
+ the set of SRLGs traversed on the path from S via P_i.link to
+ P_i.neighbor. Remove the set of SRLGs to which H_h belongs from
+ cand_srlg-protect. Remove from cand_srlg-protect the set of
+ SRLGs traversed on the path from H_h.neighbor to D. Now
+ cand_srlg-protect holds the set of SRLGs to which P_i belongs
+ and that are not traversed on the path from S via H_h to D.
+
+ 10. If cand_type is PRIMARY, the router prefers other primary next-
+ hops for use as the alternate, and the P_i.alt_type is not
+ PRIMARY, goto Step 20.
+
+ 11. If cand_type is not PRIMARY, P_i.alt_type is PRIMARY, and the
+ router prefers other primary next-hops for use as the alternate,
+ then continue to the next candidate next-hop
+
+ 12. If cand_node-protect is TRUE and P_i.alt_node-protect is FALSE,
+ goto Paragraph 20.
+
+ 13. If cand_link-protect is TRUE and P_i.alt_link-protect is FALSE,
+ goto Step 20.
+
+
+
+Atlas, et al. Standards Track [Page 17]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ 14. If cand_srlg-protect has a better set of SRLGs than
+ P_i.alt_srlg-protect, goto Step 20.
+
+ 15. If cand_srlg-protect is different from P_i.alt_srlg-protect,
+ then select between H_h and P_i.alt_next_hops based upon
+ distance, IP addresses, or any router-local tie-breaker. If H_h
+ is preferred, then goto Step 20. If P_i.alt_next_hops is
+ preferred, skip H_h and continue to the next candidate next-hop.
+
+ 16. If D_opt(H_h.neighbor, D) < D_opt(P_i.neighbor, D) and
+ D_opt(P_i.alt_next_hops, D) >= D_opt(P_i.neighbor, D), then H_h
+ is a downstream alternate and P_i.alt_next_hops is simply an
+ LFA. Prefer H_h and goto Step 20.
+
+ 17. Based upon the alternate types, the alternate distances, IP
+ addresses, or other tie-breakers, decide if H_h is preferred to
+ P_i.alt_next_hops. If so, goto Step 20.
+
+ 18. Decide if P_i.alt_next_hops is preferred to H_h. If so, then
+ skip H_h and continue to the next candidate next-hop.
+
+ 19. Add H_h into P_i.alt_next_hops. Set P_i.alt_type to the better
+ type of H_h.alt_type and P_i.alt_type. Continue to the next
+ candidate next-hop.
+
+ 20. Replace the P_i alternate next-hop set with H_h as follows:
+
+ P_i.alt_next_hops = {H_h}
+ P_i.alt_type = cand_type
+ P_i.alt_link-protect = cand_link-protect
+ P_i.alt_node-protect = cand_node-protect
+ P_i.alt_srlg-protect = cand_srlg-protect
+
+ Continue to the next candidate next-hop.
+
+3.7. LFA Types and Trade-Offs
+
+ LFAs can provide different amounts of protection, and the decision
+ about which type to prefer is dependent upon network topology and
+ other techniques in use in the network. This section describes the
+ different protection levels and the trade-offs associated with each.
+
+ 1. Primary Next-hop: When there are equal-cost primary next-hops,
+ using one as an alternate is guaranteed not to cause micro-loops
+ involving S. Traffic flows across the paths that the network
+ will converge to, but congestion may be experienced on the
+ primary paths since traffic is sent across fewer. All primary
+ next-hops are downstream paths.
+
+
+
+Atlas, et al. Standards Track [Page 18]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ 2. Downstream Paths: A downstream path, unlike an LFA, is guaranteed
+ not to cause a micro-loop involving S regardless of the actual
+ failure detected. However, the expected coverage of such
+ alternates in a network is expected to be poor. All downstream
+ paths are LFAs.
+
+ 3. LFA: An LFA can have good coverage of a network, depending on
+ topology. However, it is possible to get micro-loops involving S
+ if an unprotected failure occurs (e.g., a node fails when the LFA
+ only was link-protecting).
+
+ The different types of protection are abbreviated as LP (link-
+ protecting), NP (node-protecting), and SP (SRLG-protecting).
+
+ a. LP, NP, and SP: If such an alternate exists, it gives protection
+ against all failures.
+
+ b. LP and NP only: Many networks may handle SRLG failures via
+ another method or may focus on node and link failures as being
+ more common.
+
+ c. LP only: A network may handle node failures via a high-
+ availability technique and be concerned primarily about
+ protecting the more common link failure case.
+
+ d. NP only: These only exist on interfaces that aren't point-to-
+ point. If link protection is handled in a different layer, then
+ an NP alternate may be acceptable.
+
+3.8. A Simplification: Per-Next-Hop LFAs
+
+ It is possible to simplify the computation and use of LFAs when
+ solely link protection is desired by considering and computing only
+ one link-protecting LFA for each next-hop connected to the router.
+ All prefixes that use that next-hop as a primary will use the LFA
+ computed for that next-hop as its LFA.
+
+ Even a prefix with multiple primary next-hops will have each primary
+ next-hop protected individually by the primary next-hop's associated
+ LFA. That associated LFA might or might not be another of the
+ primary next-hops of the prefix.
+
+ This simplification may reduce coverage in a network. In addition to
+ limiting protection for multi-homed prefixes (see Section 6.1), the
+ computation per next-hop may also not find an LFA when one could be
+ found for some of the prefixes that use that next-hop.
+
+
+
+
+
+Atlas, et al. Standards Track [Page 19]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ For example, consider Figure 4 where S has three ECMP next-hops, E1,
+ E2, and E3 to reach D. For the prefix D, E3 can give link protection
+ for the next-hops E1 and E2; E1 and E2 can give link protection for
+ the next-hops E3. However, if one uses this simplification to
+ compute LFAs for E1, E2, and E3 individually, there is no link-
+ protecting LFA for E1. E3 and E2 can protect each other.
+
+4. Using an Alternate
+
+ If an alternate next-hop is available, the router redirects traffic
+ to the alternate next-hop in case of a primary next-hop failure as
+ follows.
+
+ When a next-hop failure is detected via a local interface failure or
+ other failure detection mechanisms (see [FRAMEWORK]), the router
+ SHOULD:
+
+ 1. Remove the primary next-hop associated with the failure.
+
+ 2. Install the loop-free alternate calculated for the failed next-
+ hop if it is not already installed (e.g., the alternate is also a
+ primary next-hop).
+
+ Note that the router MAY remove other next-hops if it believes (via
+ SRLG analysis) that they may have been affected by the same failure,
+ even if it is not visible at the time of failure detection.
+
+ The alternate next-hop MUST be used only for traffic types that are
+ routed according to the shortest path. Multicast traffic is
+ specifically out of scope for this specification.
+
+4.1. Terminating Use of Alternate
+
+ A router MUST limit the amount of time an alternate next-hop is used
+ after the primary next-hop has become unavailable. This ensures that
+ the router will start using the new primary next-hops. It ensures
+ that all possible transient conditions are removed and the network
+ converges according to the deployed routing protocol.
+
+ There are techniques available to handle the micro-forwarding loops
+ that can occur in a networking during convergence.
+
+ A router that implements [MICROLOOP] SHOULD follow the rules given
+ there for terminating the use of an alternate.
+
+ A router that implements [ORDERED-FIB] SHOULD follow the rules given
+ there for terminating the use of an alternate.
+
+
+
+
+Atlas, et al. Standards Track [Page 20]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ It is desirable to avoid micro-forwarding loops involving S. An
+ example illustrating the problem is given in Figure 5. If the link
+ from S to E fails, S will use N1 as an alternate and S will compute
+ N2 as the new primary next-hop to reach D. If S starts using N2 as
+ soon as S can compute and install its new primary, it is probable
+ that N2 will not have yet installed its new primary next-hop. This
+ would cause traffic to loop and be dropped until N2 has installed the
+ new topology. This can be avoided by S delaying its installation and
+ leaving traffic on the alternate next-hop.
+
+ +-----+
+ | N2 |-------- |
+ +-----+ 1 | \|/
+ | |
+ | +-----+ @@> +-----+
+ | | S |---------| N1 |
+ 10 | +-----+ 10 +-----+
+ | | |
+ | 1 | | |
+ | | \|/ 10 |
+ | +-----+ | |
+ | | E | | \|/
+ | +-----+ |
+ | | |
+ | 1 | | |
+ | | \|/ |
+ | +-----+ |
+ |----| D |--------------
+ +-----+
+
+ Figure 5: Example Where Continued Use of Alternate Is Desirable
+
+ This is an example of a case where the new primary is not a loop-free
+ alternate before the failure and therefore may have been forwarding
+ traffic through S. This will occur when the path via a previously
+ upstream node is shorter than the path via a loop-free alternate
+ neighbor. In these cases, it is useful to give sufficient time to
+ ensure that the new primary neighbor and other nodes on the new
+ primary path have switched to the new route.
+
+ If the newly selected primary was loop-free before the failure, then
+ it is safe to switch to that new primary immediately; the new primary
+ wasn't dependent on the failure and therefore its path will not have
+ changed.
+
+ Given that there is an alternate providing appropriate protection and
+ while the assumption of a single failure holds, it is safe to delay
+ the installation of the new primaries; this will not create
+
+
+
+Atlas, et al. Standards Track [Page 21]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ forwarding loops because the alternate's path to the destination is
+ known to not go via S or the failed element and will therefore not be
+ affected by the failure.
+
+ An implementation SHOULD continue to use the alternate next-hops for
+ packet forwarding even after the new routing information is available
+ based on the new network topology. The use of the alternate next-
+ hops for packet forwarding SHOULD terminate:
+
+ a. if the new primary next-hop was loop-free prior to the topology
+ change, or
+
+ b. if a configured hold-down, which represents a worst-case bound on
+ the length of the network convergence transition, has expired, or
+
+ c. if notification of an unrelated topological change in the network
+ is received.
+
+5. Requirements on LDP Mode
+
+ Since LDP [RFC5036] traffic will follow the path specified by the
+ IGP, it is also possible for the LDP traffic to follow the loop-free
+ alternates indicated by the IGP. To do so, it is necessary for LDP
+ to have the appropriate labels available for the alternate so that
+ the appropriate out-segments can be installed in the forwarding plane
+ before the failure occurs.
+
+ This means that a Label Switching Router (LSR) running LDP must
+ distribute its labels for the Forwarding Equivalence Classes (FECs)
+ it can provide to all its neighbors, regardless of whether or not
+ they are upstream. Additionally, LDP must be acting in liberal label
+ retention mode so that the labels that correspond to neighbors that
+ aren't currently the primary neighbor are stored. Similarly, LDP
+ should be in downstream unsolicited mode, so that the labels for the
+ FEC are distributed other than along the SPT.
+
+ If these requirements are met, then LDP can use the loop-free
+ alternates without requiring any targeted sessions or signaling
+ extensions for this purpose.
+
+6. Routing Aspects
+
+6.1. Multi-Homed Prefixes
+
+ An SPF-like computation is run for each topology, which corresponds
+ to a particular OSPF area or IS-IS level. The IGP needs to determine
+ loop-free alternates to multi-homed routes. Multi-homed routes occur
+ for routes obtained from outside the routing domain by multiple
+
+
+
+Atlas, et al. Standards Track [Page 22]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ routers, for subnets on links where the subnet is announced from
+ multiple ends of the link, and for routes advertised by multiple
+ routers to provide resiliency.
+
+ Figure 6 demonstrates such a topology. In this example, the shortest
+ path to reach the prefix p is via E. The prefix p will have the link
+ to E as its primary next-hop. If the alternate next-hop for the
+ prefix p is simply inherited from the router advertising it on the
+ shortest path to p, then the prefix p's alternate next-hop would be
+ the link to C. This would provide link protection, but not the node
+ protection that is possible via A.
+
+
+ 5 +---+ 8 +---+ 5 +---+
+ ------| S |------| A |-----| B |
+ | +---+ +---+ +---+
+ | | |
+ | 5 | 5 |
+ | | |
+ +---+ 5 +---+ 5 7 +---+
+ | C |---| E |------ p -------| F |
+ +---+ +---+ +---+
+
+ Figure 6: Multi-Homed Prefix
+
+ To determine the best protection possible, the prefix p can be
+ treated in the SPF computations as a node with unidirectional links
+ to it from those routers that have advertised the prefix. Such a
+ node need never have its links explored, as it has no out-going
+ links.
+
+ If there exist multiple multi-homed prefixes that share the same
+ connectivity and the difference in metrics to those routers, then a
+ single node can be used to represent the set. For instance, if in
+ Figure 6 there were another prefix X that was connected to E with a
+ metric of 1 and to F with a metric of 3, then that prefix X could use
+ the same alternate next-hop as was computed for prefix p.
+
+ A router SHOULD compute the alternate next-hop for an IGP multi-homed
+ prefix by considering alternate paths via all routers that have
+ announced that prefix.
+
+ In all cases, a router MAY safely simplify the multi-homed prefix
+ (MHP) calculation by assuming that the MHP is solely attached to the
+ router that was its pre-failure optimal point of attachment.
+ However, this may result in a prefix not being considered repairable,
+ when the full computation would show that a repair was possible.
+
+
+
+
+Atlas, et al. Standards Track [Page 23]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+6.2. IS-IS
+
+ The applicability and interactions of LFAs with multi-topology IS-IS
+ [RFC5120] is out of scope for this specification.
+
+6.3. OSPF
+
+ OSPF introduces certain complications because it is possible for the
+ traffic path to exit an area and then re-enter that area. This can
+ occur whenever a router considers the same route from multiple areas.
+ There are several cases where issues such as this can occur. They
+ happen when another area permits a shorter path to connect two ABRs
+ than is available in the area where the LFA has been computed. To
+ clarify, an example topology is given in Appendix A.
+
+ a. Virtual Links: These allow paths to leave the backbone area and
+ traverse the transit area. The path provided via the transit
+ area can exit via any ABR. The path taken is not the shortest
+ path determined by doing an SPF in the backbone area.
+
+ b. Alternate ABR [RFC3509]: When an ABR is not connected to the
+ backbone, it considers the inter-area summaries from multiple
+ areas. The ABR A may determine to use area 2 but that path could
+ traverse another alternate ABR B that determines to use area 1.
+ This can lead to scenarios similar to that illustrated in
+ Figure 7.
+
+ c. ASBR Summaries: An ASBR may itself be an ABR and can be announced
+ into multiple areas. This presents other ABRs with a decision as
+ to which area to use. This is the example illustrated in
+ Figure 7.
+
+ d. AS External Prefixes: A prefix may be advertised by multiple
+ ASBRs in different areas and/or with multiple forwarding
+ addresses that are in different areas, which are connected via at
+ least one common ABR. This presents such ABRs with a decision as
+ to which area to use to reach the prefix.
+
+ Loop-free alternates should not be used in an area where one of the
+ above issues affects that area.
+
+6.3.1. OSPF External Routing
+
+ When a forwarding address is set in an OSPF AS-external Link State
+ Advertisement (LSA), all routers in the network calculate their next-
+ hops for the external prefix by doing a lookup for the forwarding
+ address in the routing table, rather than using the next-hops
+
+
+
+
+Atlas, et al. Standards Track [Page 24]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ calculated for the ASBR. In this case, the alternate next-hops
+ SHOULD be computed by selecting among the alternate paths to the
+ forwarding link(s) instead of among alternate paths to the ASBR.
+
+6.3.2. OSPF Multi-Topology
+
+ The applicability and interactions of LFAs with multi-topology OSPF
+ [RFC4915] [MT-OSPFv3] is out of scope for this specification.
+
+6.4. BGP Next-Hop Synchronization
+
+ Typically, BGP prefixes are advertised with the AS exit router's
+ router-id as the BGP next-hop, and AS exit routers are reached by
+ means of IGP routes. BGP resolves its advertised next-hop to the
+ immediate next-hop by potential recursive lookups in the routing
+ database. IP Fast Reroute computes the alternate next-hops to all
+ IGP destinations, which include alternate next-hops to the AS exit
+ router's router-id. BGP simply inherits the alternate next-hop from
+ IGP. The BGP decision process is unaltered; BGP continues to use the
+ IGP optimal distance to find the nearest exit router. Multicast BGP
+ (MBGP) routes do not need to copy the alternate next-hops.
+
+ It is possible to provide ASBR protection if BGP selected a set of
+ BGP next-hops and allowed the IGP to determine the primary and
+ alternate next-hops as if the BGP route were a multi-homed prefix.
+ This is for future study.
+
+6.5. Multicast Considerations
+
+ Multicast traffic is out of scope for this specification of IP Fast
+ Reroute. The alternate next-hops SHOULD NOT be used for multicast
+ Reverse Path Forwarding (RPF) checks.
+
+7. Security Considerations
+
+ The mechanism described in this document does not modify any routing
+ protocol messages, and hence no new threats related to packet
+ modifications or replay attacks are introduced. Traffic to certain
+ destinations can be temporarily routed via next-hop routers that
+ would not be used with the same topology change if this mechanism
+ wasn't employed. However, these next-hop routers can be used anyway
+ when a different topological change occurs, and hence this can't be
+ viewed as a new security threat.
+
+ In LDP, the wider distribution of FEC label information is still to
+ neighbors with whom a trusted LDP session has been established. This
+ wider distribution and the recommendation of using liberal label
+ retention mode are believed to have no significant security impact.
+
+
+
+Atlas, et al. Standards Track [Page 25]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+8. Acknowledgements
+
+ The authors would like to thank Joel Halpern, Mike Shand, Stewart
+ Bryant, and Stefano Previdi for their assistance and useful review.
+
+9. References
+
+9.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
+ April 1998.
+
+ [RFC2740] Coltun, R., Ferguson, D., and J. Moy, "OSPF for IPv6",
+ RFC 2740, December 1999.
+
+ [RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP
+ Specification", RFC 5036, October 2007.
+
+9.2. Informative References
+
+ [FRAMEWORK] Shand, M. and S. Bryant, "IP Fast Reroute Framework",
+ Work in Progress, February 2008.
+
+ [MICROLOOP] Zinin, A., "Analysis and Minimization of Microloops in
+ Link-state Routing Protocols", Work in Progress,
+ October 2005.
+
+ [MT-OSPFv3] Mirtorabi, S. and A. Roy, "Multi-topology routing in
+ OSPFv3 (MT-OSPFv3)", Work in Progress, July 2007.
+
+ [ORDERED-FIB] Francois, P., "Loop-free convergence using oFIB", Work
+ in Progress, February 2008.
+
+ [RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP
+ and dual environments", RFC 1195, December 1990.
+
+ [RFC2966] Li, T., Przygienda, T., and H. Smit, "Domain-wide
+ Prefix Distribution with Two-Level IS-IS", RFC 2966,
+ October 2000.
+
+ [RFC3137] Retana, A., Nguyen, L., White, R., Zinin, A., and D.
+ McPherson, "OSPF Stub Router Advertisement", RFC 3137,
+ June 2001.
+
+
+
+
+
+Atlas, et al. Standards Track [Page 26]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ [RFC3509] Zinin, A., Lindem, A., and D. Yeung, "Alternative
+ Implementations of OSPF Area Border Routers",
+ RFC 3509, April 2003.
+
+ [RFC4203] Kompella, K. and Y. Rekhter, "OSPF Extensions in
+ Support of Generalized Multi-Protocol Label Switching
+ (GMPLS)", RFC 4203, October 2005.
+
+ [RFC4205] Kompella, K. and Y. Rekhter, "Intermediate System to
+ Intermediate System (IS-IS) Extensions in Support of
+ Generalized Multi-Protocol Label Switching (GMPLS)",
+ RFC 4205, October 2005.
+
+ [RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
+ Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
+ RFC 4915, June 2007.
+
+ [RFC5029] Vasseur, JP. and S. Previdi, "Definition of an IS-IS
+ Link Attribute Sub-TLV", RFC 5029, September 2007.
+
+ [RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
+ Topology (MT) Routing in Intermediate System to
+ Intermediate Systems (IS-ISs)", RFC 5120,
+ February 2008.
+
+ [RFC5340] Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6",
+ RFC 5340, July 2008.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 27]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+Appendix A. OSPF Example Where LFA Based on Local Area Topology Is
+ Insufficient
+
+ This appendix provides an example scenario where the local area
+ topology does not suffice to determine that an LFA is available. As
+ described in Section 6.3, one problem scenario is for ASBR summaries
+ where the ASBR is available in two areas via intra-area routes and
+ there is at least one ABR or alternate ABR that is in both areas.
+ The following Figure 7 illustrates this case.
+
+ 5
+ [ F ]-----------[ C ]
+ | |
+ | | 5
+ 20 | 5 | 1
+ | [ N ]-----[ A ]*****[ F ]
+ | | # *
+ | 40 | # 50 * 2
+ | | 5 # 2 *
+ | [ S ]-----[ B ]*****[ G ]
+ | | *
+ | 5 | * 15
+ | | *
+ | [ E ] [ H ]
+ | | *
+ | 5 | * 10**
+ | | *
+ |---[ X ]----[ ASBR ]
+ 5
+
+ ---- Link in Area 1
+ **** Link in Area 2
+ #### Link in Backbone Area 0
+
+ Figure 7: Topology with Multi-Area ASBR Causing Area Transiting
+
+ In Figure 7, the ASBR is also an ABR and is announced into both area
+ 1 and area 2. A and B are both ABRs that are also connected to the
+ backbone area. S determines that N can provide a loop-free alternate
+ to reach the ASBR. N's path goes via A. A also sees an intra-area
+ route to ASBR via area 2; the cost of the path in area 2 is 30, which
+ is less than 35, the cost of the path in area 1. Therefore, A uses
+ the path from area 2 and directs traffic to F. The path from F in
+ area 2 goes to B. B is also an ABR and learns the ASBR from both
+ areas 1 and area 2; B's path via area 1 is shorter (cost 20) than B's
+ path via area 2 (cost 25). Therefore, B uses the path from area 1
+ that connects to S.
+
+
+
+
+Atlas, et al. Standards Track [Page 28]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+Authors' Addresses
+
+ Alia K. Atlas (editor)
+ BT
+
+ EMail: alia.atlas@bt.com
+
+
+ Alex Zinin (editor)
+ Alcatel-Lucent
+ 750D Chai Chee Rd, #06-06
+ Technopark@ChaiChee
+ Singapore 469004
+
+ EMail: alex.zinin@alcatel-lucent.com
+
+
+ Raveendra Torvi
+ FutureWei Technologies Inc.
+ 1700 Alma Dr. Suite 100
+ Plano, TX 75075
+ USA
+
+ EMail: traveendra@huawei.com
+
+
+ Gagan Choudhury
+ AT&T
+ 200 Laurel Avenue, Room D5-3C21
+ Middletown, NJ 07748
+ USA
+
+ Phone: +1 732 420-3721
+ EMail: gchoudhury@att.com
+
+
+ Christian Martin
+ iPath Technologies
+
+ EMail: chris@ipath.net
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 29]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+ Brent Imhoff
+ Juniper Networks
+ 1194 North Mathilda
+ Sunnyvale, CA 94089
+ USA
+
+ Phone: +1 314 378 2571
+ EMail: bimhoff@planetspork.com
+
+
+ Don Fedyk
+ Nortel Networks
+ 600 Technology Park
+ Billerica, MA 01821
+ USA
+
+ Phone: +1 978 288 3041
+ EMail: dwfedyk@nortelnetworks.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 30]
+
+RFC 5286 IP Fast Reroute: Loop-Free Alternates September 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+Atlas, et al. Standards Track [Page 31]
+