Internet Draft Alia Atlas (Avici Systems)
Expires: August 2004 Raveendra Torvi (Avici Systems)
Gagan Choudhury (AT&T)
Christian Martin (Verizon)
Brent Imhoff (Wiltel)
Don Fedyk (Nortel)
IP/LDP Local Protection
draft-atlas-ip-local-protect-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This document defines an architecture and selection process for
providing local protection for IP unicast and/or LDP traffic in the
event of a single link or node failure until the router has
converged. When computing the primary next-hop for a prefix, a
router S also determines an alternate next-hop which can be used if
the primary next-hop fails. The alternate can be either a loop-free
alternate, which goes to a neighbor whose shortest path to the prefix
does not go back through the router S, or a U-turn alternate, which
goes to a neighbor whose primary next-hop to the prefix is the router
S, and which has itself a loop-free node-protecting alternate, which
thus does not go through router S to reach the destination prefix.
Atlas et al. [Page 1]
Internet Draft August 2004
A router may indicate the capability to break U-turns on its links;
only such links can be used as U-turn alternate next-hops. To signal
this capability, a router must be capable of detecting when it
receives traffic for a given destination from a primary neighbor for
that destination and the router must forward that traffic to the
selected alternate next-hop.
To support U-Turn alternates and node-protection, a router must know
what links its neighbor can consider for alternates, how a neighbor
will select an alternate, and upon which interfaces a neighbor can
break U-turns. This document defines a common selection criteria
which MUST be followed. In addition, it is necessary to signal two
capabilities per link. First is whether U-turns can be broken on the
link and second is whether the link can be used as an alternate, as
determined administratively.
Contents
1 Introduction ................................................. 3
2 Terminology .................................................. 4
3 Finding an Alternate ......................................... 6
3.1 Types of Alternates ....................................... 6
3.1.1 Loop-Free Alternates ................................... 7
3.1.2 U-Turn Alternates ..................................... 8
3.1.2.1 ECMP U-Turn Neighbors ............................. 11
3.1.2.2 U-Turn Neighbor's Alternate ....................... 13
3.1.2.2.1 Computing Alternate So Primary Next-Hop Can
Use Computing Router for U-Turn Alternate....... 15
3.2 Selection of an Alternate ................................. 15
3.2.1 IP Local Protection Alternate Capability .............. 16
3.2.2 U-Turn Breaking Capability ............................ 16
3.2.3 Characterization of Neighbors ......................... 16
3.2.4 Selection Procedure ................................... 17
3.2.4.1 Alternate Selection With One Primary Neighbor ...... 17
3.2.4.2 Alternate Selection With Multiple Potential
Primary Neighbors .................................. 19
4 Using an Alternate ........................................... 19
4.1 Breaking U-Turns .......................................... 19
4.1.1 Broadcast and NBMA Interfaces ........................... 21
4.2 Responding to a Local Failure ............................. 22
5 Requirements on LDP Mechanics ................................ 23
6 Routing Interactions .......................................... 23
6.1 OSPF Inter-Area Routing ................................... 23
6.2 OSPF External Routing ..................................... 25
6.3 ISIS Multi-Level Routing .................................. 25
Atlas et al. [Page 2]
Internet Draft August 2004
6.4 OSPF Virtual Links ........................................ 26
6.5 BGP Next-Hop Synchronization .............................. 26
6.6 Interactions with ISIS Overload, RFC 3137
and Costed Out Links ...................................... 26
6.7 Multicast Considerations .................................. 27
7 Security Considerations ...................................... 27
8 Intellectual Property Considerations ......................... 27
9 Full Copyright Statement ..................................... 27
10 References ................................................... 28
11 Authors Information .......................................... 29
1. Introduction
Applications such as VoIP and pseudo-wires can be very sensitive to
traffic loss, such as occurs when a link or router in the network
fails. A router's convergence time is generally on the order of
seconds; the application traffic may be sensitive to losses greater
than 10s of milliseconds. This document describes a mechanism to
allow a router whose local link has failed to forward traffic to a
pre-computed alternate until the router installs the new primary
next-hops based upon the changed network topology.
When a local link fails, a router currently must signal the event to
its neighbors via the IGP, recompute new primary next-hops for all
affected prefixes, and only then install those new primary next-hops
into the forwarding plane. Until the new primary next-hops are
installed, traffic directed towards the affected prefixes is
discarded. This process can take seconds.
/__
\ +-----+
/------| S |--\
/ +-----+ \
/ 5 8 \
/ \
+-----+ +-----+
| P | | N_1 |
+-----+ +-----+
\ /
\ \ 4 3 / /
\| \ / |/
-+ \ +-----+ / +-
\---| D |---/
+-----+
Figure 1: Basic Topology
Atlas et al. [Page 3]
Internet Draft August 2004
The goal of IP/LDP Local Protection is to reduce that traffic
convergence time to 10s of milliseconds by using a pre-computed
alternate interface, in the event that the currently selected primary
interface fails, so that the alternate can be rapidly used when the
failure is detected.
To clarify the behavior of IP/LDP Local Protection, consider the
simple topology in Figure 1. When router S computes its shortest
path to router D, router S determines to use the interface to router
P as its primary next-hop. Without IP/LDP Local Protection, that is
the only next-hop that router S computes to reach D. With IP/LDP
Local Protection, S also looks for an alternate next-hop to use. In
this example, S would determine that it could send traffic destined
to D by using the interface to router N_1 and therefore S would
install the interface to N_1 as its alternate next-hop. At some
point later, the link between router S and router P could fail. If
that link fails, S (and most likely P) will be the first to detect
it. On detecting the failure, S will stop sending traffic destined
to D towards P via the failed link, and instead send the traffic to
S's pre-computed alternate next-hop, which is the interface to N_1,
until a new SPF is run and its results are installed. As with the
primary next-hop, the alternate next-hop is computed for each
destination. The process of computing an alternate next-hop does not
alter the primary next-hop computed via a standard SPF. The
alternate next-hop can protect against a single link or node failure.
If in the example of Figure 1, the link cost from N_1 to D increased
to 30 from 3, then N_1 would not be a loop-free alternate, because
the cost of the path from N_1 to D via S would be 17 while the cost
from N_1 directly to D would be 30. In real networks, we may often
face this situation. In the modified example, N_1 has a loop-free
node-protecting alternate to reach D; N_1 can reach D directly. If S
could use N_1 in such a scenario, then the topologies where there are
acceptable alternates could increase. Such an alternate is termed a
U-turn alternate; S sends to a neighbor N_1 whose primary neighbor
for that traffic is S. N_1 detects this situation and rather than
forwarding the traffic back to S, in a U-turn loop, N_1 breaks the
U-Turn and forwards the traffic to N_1's alternate.
The existence of a suitable alternate next-hop is topology dependent;
in real networks, the addition of U-Turn alternates has substantially
improved the coverage of alternates for the source/destination pairs
in those networks over that available with only loop-free alternates.
2. Terminology
SPT --- Shortest Path Tree
Atlas et al. [Page 4]
Internet Draft August 2004
D --- The destination router under discussion.
S --- The source router under discussion. It is the viewpoint from
which IP/LDP Local Protection is described.
P --- The router which is the primary next-hop neighbor to get from S
to D. Where there is an ECMP set for the shortest path from S
to D, these will be referred to as P_1, P_2, etc.
N_i --- The ith neighbor of S
R_i_j --- The jth neighbor of N_i, the ith neighbor of S.
Distance_!S(N_i, D) --- The distance of the shortest path from N_i to
D which does not go through router S.
Distance_opt(A, B) --- The distance of the shortest path from A to B.
Reverse Distance of a node X --- This is the Distance_opt(X, S).
Loop-Free Alternate --- This is a next-hop that is not a primary
next-hop whose shortest path to the destination from the
alternate neighbor does not go back through the router S.
U-Turn Alternate --- This is an alternate next-hop of S that goes to
a neighbor N_i, whose primary next-hop is S, and whose
alternate is loop-free with respect to S and N_i. In other
words, this is an alternate that would normally loop traffic
back to the source (S), but which itself has an alternate that
does not loop back to the source (S).
Link(A->B) --- A link connecting router A to router B.
____\ This is an arrow indicating the primary next-hop towards D.
/
@@@@\ This is an arrow indicating the alternate next-hop towards D
/
Primary Neighbor --- One or more of the primary next-hops for S to
reach the destination D goes directly to this neighbor.
Loop-Free Neighbor --- A Neighbor N_i which is not the primary
neighbor and whose shortest path to D does not go through S.
U-Turn Neighbor --- A neighbor N_i is a U-Turn neighbor of router S
with respect to a given destination D if and only if S is a
primary neighbor of N_i to reach the destination D for all
Atlas et al. [Page 5]
Internet Draft August 2004
primary paths which go through S to reach D.
ECMP U-Turn Neighbor --- A neighbor N_i which is a U-Turn neighbor
and which has at least one equal cost path to reach D that does
not go through S as well as the path(s) which do go through S to
reach D.
Looping Neighbor --- A neighbor N_i is a looping neighbor of router S
with respect to a given destination D if any of N_i's optimal
paths to D goes through S, but S is not the primary next-hop of
N_i for all those paths through S.
Loop-Free Node-Protecting Alternate --- This is a path via a Loop-
Free Neighbor N_i which does not go through the particular
primary neighbor of S which is being protected to reach the
destination D.
Loop-Free Link-Protecting Alternate --- This is a path via a Loop-
Free Neighbor N_i which does go through the particular primary
neighbor of S which is being protected to reach the destination
D.
U-Turn Node-Protecting Alternate --- This is a path via a U-Turn
Neighbor N_i which does not go through S or any of S's primary
neighbors to reach the destination D.
U-Turn Link-Protecting Alternate --- This is a path via a U-Turn
Neighbor N_i which does not go through S but does go through one
or more of S's primary neighbors to reach the destination D.
Upstream Forwarding Loop --- This is a forwarding loop which involves
a set of routers, none of which are directly connected to the
link which has caused the topology change that triggered a new
SPF in any of the routers.
3. Finding an Alternate
3.1. Types of Alternates
As with primary next-hops, an alternate next-hop is discussed in
relation to a particular destination router D. For this discussion,
the following terminology, illustrated in Figure 2, will be used.
The router on which the search for an alternate is proceeding is S.
The primary next-hop neighbor to get from S to D is P. Additionally,
S has various neighbors which will be labeled N_1, N_2, etc. Where
an arbitrary neighbor of S is intended, N_i will be used. Routers
which are neighbors of neighbors will be labeled R_1, R_2, etc.
Atlas et al. [Page 6]
Internet Draft August 2004
Where an arbitrary neighbor of a neighbor N_i is intended, it will be
refered to as R_i_j.
In IP routing, a router S can join the shortest path tree (SPT) at
exactly one point -- itself. An alternate next-hop allows traffic
from S to D to deviate from the SPT and then rejoin it. For
instance, if S were to send traffic destined for D to N_1 instead of
P, thereby deviating from the SPT, then when N_1 received it, N_1
would send that traffic along its shortest path to D.
+-----+
\ / _| R_2 |
+-----+__ \| |/ / +-----+
| N_3 | \ -+ +- __/ \
+-----+ \____ / \
\ \ / \
\ +-----+ \
\ _| N_2 | \
| __/ +-----+ \
\ / \ |
\ / / \_ |
+-----+ |/ \ |
| S | +- \ +-----+ |
+-----+ \_| R_1 | |
/ / \ +-----+ |
|/ / \ / |
+- / \ / |
/ +-----+ / / |
+-----+/ | N_1 | / |/ |
| P | +-----+ / +- |
+-----+ \ / /
\ \ \__ / /
\ \ \| \ / /
\| \ -+ +-----+ /
-+ \_________________| D |---------/
+-----+
Figure 2: Topology for Terminology
3.1.1. Loop-Free Alternates
To expand the set of points at which S can cause its traffic to join
the SPT, first consider S's neighbors. Router S has the ability to
send traffic to any one of its neighbors N_i; this is the easiest
possible deviation from the SPT that S can cause to happen. Thus,
all of router S's neighbors are possible points at which S could
cause traffic to rejoin the SPT. However, it is not useful for
router S to use a next-hop which results in rejoining the SPT
Atlas et al. [Page 7]
Internet Draft August 2004
upstream of S, such that the traffic will transit S again. This
would cause a loop. Avoiding a loop is thus the first constraint
imposed on the alternate next-hop. In Figure 2, this is the case
for S's neighbors N_2 and N_3.
A next-hop which goes to a neighbor that does not have a loop back to
S and is not the primary next-hop may be selected as an alternate
next-hop. In Figure 2, that is the case for S's neighbor N_1. Such
alternates are referred to as loop-free alternates because there is
no loop caused by using them.
An algorithm run on router S must be able to determine which
neighbors provide loop-free alternates. By running an SPF
computation from S's perspective, router S can determine the distance
from a neighbor N_i to the destination D for the optimal path that
does not go through S. This is referred to as Distance_!S(N_i, D).
If a neighbor N_i can provide a loop-free alternate, then it is
cheaper to get to the destination without going through S than by
going through S. This gives the following requirement, where
Distance_opt(A, B) gives the distance of the optimal path from A to
B.
Distance_!S(N_i, D) < Distance_opt(N_i, S) + Distance_opt(S, D)
Equation 1: Criteria for a Loop-Free Alternate
Recall that a router will take the shortest path to a destination
that it can see. Thus, if Distance_!S(N_i, D) > Distance_opt(N_i, S)
+ Distance_opt(S, D), then router N_i will, based on its own shortest
path computations, determine to send traffic destined for D to S.
Similarly, if Distance_!S(N_i, D) = Distance_opt(N_i, S) +
Distance_opt(S, D), then router N_i has equal cost paths to the
destination D where one or more of those paths go through S. In such
a case where a router N_i has an ECMP set to reach the destination
and one or more paths go through S, then the router N_i cannot
provide a loop-free alternate because some traffic destined to D may
be sent back to S by N_i. Thus, if N_i is to decide not to send
traffic for D back to S, N_i must observe that the shortest path to D
does not go through S; Equation 1 gives this requirement in terms
which can be determined by router S.
3.1.2. U-Turn Alternates
In examining realistic networks, it was seen that loop-free
alternates did not provide adequate coverage for the traffic between
all the source-destination pairs. This means that it is not
sufficient to expand the set of points where S can cause its traffic
to join the SPT to be only S's neighbors.
Atlas et al. [Page 8]
Internet Draft August 2004
The next possibility is to see whether S could expand its SPT join
points to include router S's neighbors' neighbors. This is only of
interest if S had no loop-free node-protecting alternate available
for the given destination D. If there are no loop-free alternates,
that implies that all of S's non-primary neighbors will send traffic
for D back to S.
The topology shown in Figure 3 gives an example where router S has no
loop-free alternate to reach D. Router S uses P as its primary
next-hop (distance of 30). S has three other neighbors, but all of
them will send traffic for D back through S.
+-----+ \
| N_4 |\ \| / +-----+
+-----+ \ -+ |/ /| R_3 |
/ \ +- / +-----+
/ 15 | _/ |
| | 5 / |
| 50 \ / |
+-----+ | +-----+ |
| N_2 | / ______/| N_3 | |
+-----+ \ / / +-----+ 70 |
| \ \| / / 30 / |
10| \ -+ / / |/ |
| 15 \ +-----+ +- |
@ | \-----| S | |
@ | / +-----+ |
\@/ | @@@@ | |
| \ | |10 /
| | | /
+-----+ \_/ | /
| R_2 | +-----+ /
+-----+ | P | /
\ +-----+ /
\ \ 40 / /
\| \ 10 / / /
-+ \ / |/ /
+-----+ / +- /
| R_1 |---/ /
+-----+ /
\ 10 +-----+
\ \------------------| D |
\| +-----+
-+
P is primary next-hop of S
N_2 and N_3 are U-Turn Neighbors of S
N_4 is a Looping Neighbor of S
Atlas et al. [Page 9]
Internet Draft August 2004
Figure 3: Terminology of Looping Neighbors and Example U-Turn Alternate
In order for S to be able to use a neighbor's neighbor as a point
where S's traffic can rejoin the SPT, S must be able to direct
traffic to a neighbor N_i and that neighbor N_i must be able to
direct traffic to one of its appropriate neighbors R_i_j instead of
along the SPT. In deciding to use its alternate, S has the ability
to force traffic destined to D to go through the selected alternate
neighbor N_i. However, for S to reach the appropriate neighbor's
neighbor R_i_j, the selected neighbor N_i must be able to detect
that the traffic should not be sent along its shortest path to D,
which would lead back to S, and should instead be sent to its
appropriate neighbor R_i_j.
This detection and forwarding contrary to the SPT by N_i must occur
without any communication from S upon the failure which would cause S
to redirect the traffic to N_i. There is already communication from
S to N_i indicating when a link has failed, but such communication
would cause the fail-over of traffic to take longer than the desired
10s of milliseconds if N_i depended upon it to decide that it should
forward contrary to the SPT. In essence, the assumption being made
is that the time budget to recover traffic in the event of a failure
is being consumed by router S's detection of the failure and switch-
over to its pre-computed alternate.
With that assumption, it is clear that N_i's behavior to forward
traffic contrary to the SPT on receiving traffic from S must be a
default behavior. This default behavior must not change how traffic
is forwarded unless a forwarding loop is detected; basic IP
forwarding must be preserved in the absence of a failure. Router N_i
can detect if it is receiving traffic from a neighbor to whom it
would forward that traffic; this detection is done via a reverse
forwarding check. Such a reverse forwarding check should consider
not only if traffic is received on the same interface as it would be
forwarded out, but whether it was received from the same neighbor to
whom it would be forwarded. Normally, if traffic fails a reverse
forwarding check (i.e. would be forwarded out to the same neighbor as
received from), then that traffic is either discarded or forwarded
into a loop. In IP/LDP Local Protection, however, traffic that fails
a reverse forwarding check is forwarded to the appropriate R_i_j, if
available, rather than being discarded.
First, this detection can be used by N_i to determine not to forward
the traffic according to the SPT (or discard it), but to instead send
the traffic to N_i's appropriate neighbor R_i_j. N_i can only detect
the traffic to be redirected if S sends it directly to N_i, which is
under S's control, and if N_i would send that traffic back to S,
according to the SPT. This motivates the definition of a Looping
Atlas et al. [Page 10]
Internet Draft August 2004
Neighbor and a U-turn Neighbor.
Looping Neighbor --- A neighbor N_i is a looping neighbor of
router S with respect to a given
destination D if any of N_i's shortest
paths to D goes through S but S is not the
primary next-hop of N_i for all those
paths through S.
U-Turn Neighbor --- A neighbor N_i is a U-Turn Neighbor of
router S with respect to a given destination
D if and only if S is a primary next-hop of
N_i to reach the destination D for all
primary paths which go through S to reach D.
A Looping Neighbor cannot provide any type of alternate. A U-Turn
neighbor may be able to provide an alternate. In Figure 3, S has two
U-Turn Neighbors N_2 and N_3 and one looping neighbor N_4. For
neighbor N_4, the path to D is N_3 to S to N_1 to R_1 to D; because
there is a node between N4 and S on the path, N_4 is a looping
neighbor.
Mathematically, for a neighbor N_i to be a U-Turn neighbor, it is
necessary that Equation 2, which is the exact opposite of Equation 1,
be true. If the equality is true, that means that there are multiple
optimal paths, at least one of which goes through S and one does not.
Such a neighbor may be an ECMP U-Turn neighbor or may be a looping
neighbor.
Distance_!S(N_i, D) >= Distance_opt(N_i, S) + Distance_opt(S, D)
Equation 2: U-Turn or Looping Neighbor
Additionally, all optimal paths to reach D that go via S must be via
a direct link between N_i and S. If a neighbor N_i satisfies
Equation 2 and all optimal paths to reach D that go via S are via a
direct link between N_i and S, then it is a U-turn neighbor.
The above clarifies what a U-Turn neighbor is and how such a neighbor
can detect traffic from router S and redirect it. It is still
necessary to describe where the U-Turn neigbhor N_i redirects the
traffic.
3.1.2.1. ECMP U-Turn Neighbors
The above definition for U-Turn Neighbor allows a neighbor, which has
equal cost paths (an ECMP set) where one of those paths goes directly
Atlas et al. [Page 11]
Internet Draft August 2004
to S and others may not, to be a U-Turn Neighbor. Consider the
topology shown in Figure 4. In this figure, N_1 has three equal-cost
paths to reach D which are N_1 - S - P - D, N_1 - R_1 - D, and N_1 -
R_2 - D. Because the only path that goes through S goes directly
through S, N_1 is a U-Turn neighbor of S.
+-----+------\
/--| N_1 | 5 \
/ / +-----+\ \ +-----+
|/ / 10 \ \ 15 \------| R_3 |
+- / 10 \ \ +-----+
/ | \ \ |
+-----+ | | \ \| |
| S | \|/ | \ -+ | |
+-----+ | \ | \|/
/ +-----+ \ |
/ / 10 | R_1 | \ 15|
|/ / +-----+ \ |
+- / / / +-----+ |
/ |/ / 20 | R_2 | |
+-----+ +- / +-----+ |
| P | | /__ 15 / |
+-----+ | \ / |
\ | /-------/ +-----+
\ \ 10 | / | X |
\| \ | / /__ +-----+
-+ \ +-----+ \ / 15
\------| D |-------------------/
+-----+
Figure 4: ECMP U-Turn Neighbor
Distance_!S(N_i, D) = Distance_opt(N_i, S) + Distance_opt(S, D)
Equation 3: ECMP Neighbor
A neighbor is an ECMP neighbor if Equation 3 is true. The
complication comes because S does not know whether a neighbor N_i
supports ECMP or how that neighbor selects among the equal cost
paths. Recall that a node will only break U-Turns on the interfaces
connected to that node's primary neighbors.
Consider the topology in Figure 5, where N_2 has three equal cost
primary neighbors which are S, N_1 and R_1. If N_2 were to select
only N_1 as its primary neighbor, then N_2 would break U-Turns only
on traffic received from N_1 and not on traffic received from S.
Therefore, S cannot consider N_2 as an ECMP U-Turn neighbor because S
cannot rely upon N_2 to break U-turns for traffic destined to D which
Atlas et al. [Page 12]
Internet Draft August 2004
is received from S.
If N_2 has multiple paths to reach D which go through S and not all
such paths have a first hop which is a direct link between N_2 and S,
then S cannot use N_2 as a U-Turn neighbor.
10 +-----+
/ /--------------| N_2 |\ \
|/ / +-----+ \ \|
+- / /----/ 5 \ -+
/ / / \
/ 5 +-----+ |/ |
/ /----| N_1 | +- | 15
+-----+ / +-----+ |
| S |/ / +-----+
+-----+ |/ | R_1 |
/ / +- +-----+
|/ / 5 /
+- / / 15
+-----+ /--------/
| P | /
+-----+ / /
\ / |/
\ \ 5 +-----+ / +-
\| \-------------| D |/
-+ +-----+
Figure 5: ECMP Neighbor Which is Not an ECMP U-Turn Neighbor
If all paths from an ECMP neighbor N_i to destination D which go via
S have S as the primary neighbor, then S can use N_2 as a ECMP U-Turn
neighbor.
3.1.2.2. U-Turn Neighbor's Alternate
The requirement for the neighbor's neighbor R_i_j to which a U-Turn
Neighbor N_i will redirect traffic from S destined to D is that the
traffic not come back to S. Equation 4 gives this requirement that
R_i_j must have a path to D that does not go through S which is
shorter than the path to D going via S. This can be expressed as
follows.
Distance_!S(R_i_j, D) < Distance_opt(R_i_j, S) + Distance_opt(S, D)
Equation 4: Loop-Free Neighbor's Neighbor
Equation 4 means that a U-Turn neighbor's alternate cannot be an ECMP
set which contains that U-Turn neighbor.
Atlas et al. [Page 13]
Internet Draft August 2004
If N_i is a U-Turn neighbor, then the optimal path to D from N_i is
via S; the path is N_i - S - ... - D. Therefore, if the optimal path
from R_i_j goes through N_i, it must also go through S. Thus, if
Equation 4 holds for a R_i_j, that implies that the path from R_i_j
does not go through N_i. This may be made clearer by considering
Figure 6 below. If the shortest path from R_1 to D went through N_1,
then it would go through S as well, because the shortest path from
N_1 to D is through S. Therefore, if the shortest path from R_1 does
not go through S, it cannot have gone through N_1.
5 +-----+ @
/ /--------------| N_2 |\ @
|/ / +-----+ \ \@/
+- / /@\ \
/ @ \
/ @ |
/ | 15
+-----+ |
| S | +-----+
+-----+ | R_1 |
/ / +-----+
|/ / 5 /
+- / / 5
+-----+ /--------/
| P | /
+-----+ / /
\ / |/
\ \ 5 +-----+ / +-
\| \-------------| D |/
-+ +-----+
Figure 6: U-Turn Alternate Example
If the optimal path from Ri,j to D goes through N_i, then
Distance_!S(R_i_j, D) >= Distance_opt(R_i_j, N_i) +
Distance_opt(N_i, D)
Because N_i is a U-Turn neighbor, the shortest path to D is via S:
Distance_opt(N_i, D) = Distance_opt(N_i, S) + Distance_opt(S, D)
The previous two equations can be combined to form the following:
Distance_!S(R_i_j , D) >= Distance_opt(R_i_j, N_i) +
Distance_opt(N_i, S) + Distance_opt(S, D)
Because Distance_opt(R_i_j, S) is the minimum distance of a path to
get from R_i_j to S, the path to do so via N_i cannot have a lower
distance.
Distance_opt(R_i_j, S) <= Distance_opt(R_i_j, N_i) +
Distance_opt(N_i, S)
Atlas et al. [Page 14]
Internet Draft August 2004
This can be combined with the previous equation to yield
Distance_!S(R_i_j, D) >= Distance_opt(R_i_j, S) + Distance_opt(S,D)
This equation is the opposite of Equation 4. Thus, if Equation 4
is true, then the optimal path from R_i_j to D does not go through
N_i.
Proof 1: Proof that a Loop-Free R_i_j (Neighbor's Neighbor)
Implies R_i_j Doesn't Loop to Neighbor N_i
The proof given in Proof 1 means that if a U-Turn Neighbor N_i has
itself a neighbor R_i_j that satisfies Equation 4, then that router
R_i_j is itself a loop-free alternate with respect to N_i.
Regrettably, the converse does not apply; just because R_i_j is
loop-free with respect to N_i and D does not mean that R_i_j is
loop-free with respect to S and D.
3.1.2.2.1. Computing Alternate So Primary Next-Hop Can Use Computing
Router for U-Turn Alternate
Each router independently computes the alternate that it will select.
It is necessary to consider what alternate S could select so that S's
primary next-hop P could use S as a U-Turn alternate. In other
words, consider the computation when S is in the role of a neighbor
to the router doing the computation.
To describe this using router S as the computing router, S would need
to verify that both Equation 1 is true and that S's selected
alternate N_i does not have a path that goes through P.
This can be described as if N_i were doing the computation as
follows. The criteria described in Equation 4 requires that if a U-
Turn neighbor N_i is to be used as a U-Turn alternate then N_i must
have a loop-free alternate which avoids N_i's primary neighbor S.
Such an alternate will be referred to as a loop-free node-protecting
alternate. N_i can identify loop-free alternates by checking the
validity of Equation 5. Additionally, N_i will need to tell whether
the path from a loop-free R_i_j to D goes through N_i's primary
next-hop neighbor, S.
Distance_!S(R_i_j, D) < Distance_opt(R_i_j, N_i) +
Distance_opt(N_i, D)
Equation 5: Neighbor's Loop-Free Alternate
3.2. Selection of an Alternate
All routers that supports breaking U-Turns for IP/LDP Local
Atlas et al. [Page 15]
Internet Draft August 2004
Protection must follow common alternate selection criteria. For a
node S to use a U-Turn neighbor N_u for a U-turn alternate, S must
know not only that N_u has an acceptable loop-free node-protecting
alternate but that N_u can and will use it. For S to be able to
provide node-protection via a U-Turn alternate, S must know how N_u
will select among the loop-free node-protecting alternates which are
available.
3.2.1. IP Local Protectection Alternate Capability
There are a number of different reasons why an operator may not wish
for a particular interface to be used as an alternate. For instance,
the interface may go to an edge router or the interface may not have
sufficient bandwidth to contain the traffic which would be put on it
in the event of failure.
Because a router's neighbors may desire to use that router to provide
a U-turn alternate, a router must flood to its neighbors which
interfaces are not capable of providing alternates. This information
allows a router's neighbors to accurately determine whether or not
the router has a loop-free node-protecting alternate.
The extensions to signal this local-protection alternate capability
are described in [OSPF-LOCAL-PROTECT] and [ISIS-LOCAL-PROTECT].
3.2.2. U-Turn Breaking Capability
A router S may only use its neighbor N_u as a U-Turn alternate if N_u
indicates that it is capable of breaking U-Turns on a link between S
and N_u. The capability to break U-Turns must be signaled for a link
in order for S to determine that it can use N_u as a U-Turn
alternate. By default, S MUST assume that a neighbor cannot provide
a U-Turn alternate unless that neighbor indicates the U-Turn breaking
capability on a link between S and N_u. This U-Turn breaking
capability need only be flooded to a node's neighbors.
The extensions to signal the U-turn breaking capability are also
described in [OSPF-LOCAL-PROTECT] and [ISIS-LOCAL-PROTECT].
3.2.3 Characterization of Neighbors
Conceptually, each neighbor N_i is categorized as to the type of path
which it can provide to a particular destination D. Each neighbor
can be characterized as providing a path in one of the following
categories for a particular destination D. The path through the
neighbor N_i is either a:
(A) Primary Path --- one of the shortest paths that is selected
Atlas et al. [Page 16]
Internet Draft August 2004
as a primary next-hop,
(B) Loop-Free Node-Protecting Alternate --- not a primary path
and the path avoids both S, the interfaces connecting S to its
primary neighbors, and its primary neighbors on the path to D.
(C) Loop-Free Link-Protecting Alternate --- not a primary path
and the path avoids S and the interfaces connecting S to its
primary neighbors, but goes through a primary neighbor on the
path to D.
(D) U-Turn Node-Protecting Alternate --- the neighbor is a U-
Turn neighbor or a ECMP U-Turn neighbor and the alternate that
the neighbor has selected does not go through a primary neighbor
of S to reach D.
(E) U-Turn Link-Protecting Alternate --- the neighbor is a U-
Turn neighbor or a ECMP U-Turn neighbor and the alternate that
the neighbor has selected goes through a primary neighbor of S
to reach D.
(F) Unavailable --- because the neighbor is looping or a U-Turn
neighbor which didn't itself have a loop-free node-protecting
path, or a U-Turn neighbor which couldn't break U-Turns or the
links to the neighbor are configured to not be used as
alternates. The neighbor may also be disqualified because it is
connected to S solely via broadcast interfaces which also have
primary next-hops.
3.2.4. Selection Procedure
Once the neighbors have been categorized, a selection can be made.
The selection should maximize the failures which can be protected
against. A node S can only be used to break U-turns by its primary
neighbors if S has a loop-free node-protecting alternate.
The selection procedure depends on whether S has a single potential
primary neighbor or multiple potential primary neighbors. A router S
is defined to have a single potential primary neighbor only if there
are no equal cost paths that go through any other neighbor; i.e., a
router S cannot be considered to have a single potential primary
neighbor just because S does not support ECMP or just because S
selects as primary next-hops links to only one potential primary
neighbor.
3.2.4.1. Alternate Selection With One Primary Neighbor
Because a router S can only be used to break U-Turns by its primary
Atlas et al. [Page 17]
Internet Draft August 2004
neighbor if S selects a loop-free node-protecting alternate, the
following rules MUST be followed when selecting an alternate.
1. If a router S has one or more loop-free node protecting
alternates, then S MUST select one of those alternates. Let M be
the set of neighbors which provide loop-free node-protecting
alternates. If S has multiple loop-free node protecting
alternates, then S MUST select the alternate through a N_k such
that:
D_!S(N_k, D) - D_opt(N_k, P) = min_forall m in M
(D_!S(m, D) - D_opt(m, P))
Equation 6: Selection Among Multiple Loop-Free
Node-Protecting Alternates
where P is the primary neighbor of S.
To rephrase the above to consider the S is the node looking for
a U-Turn alternate, the above way of selecting among loop-free
node-protecting alternates ensures that N_i's primary neighbor S
can determine which alternate was picked by N_i. For S to know
that S's U-Turn neighbor N_i can provide a loop-free node-
protecting alternate, S must know if
min_forall j in J ( D_!S(R_i_j, D) - D_opt(R_i_j, S) )
< D_opt(S, D)
Equation 7: Determination if a U-Turn Neighbor
can provide a U-Turn Alternate
If a router obeys Equation 6 when selecting among multiple
loop-free node-protecting alternates, as it MUST for IP/LDP
Local Protection, this allows S to determine exactly which
alternate was selected by N_i without needing to know the each
D_!S(R_i_j). Equation 7 allows S to determine that N_i has a
loop-free node-protecting alternate. Equation 6 allows S to
know exactly which alternate will be selected so that S can
determine whether that alternate protects against S's primary
neighbor as well. If there are multiple neighbors which provide
the minimum as expressed in Equation 6, then a router can select
among them arbitrarily.
2. If a router S has no loop-free node-protecting alternates,
then S's alternate selection has no consequences for its
neighbors because S cannot provide a U-Turn alternate.
Therefore, S can select freely among the loop-free link-
protecting alternates, u-turn node-protecting alternates and u-
Atlas et al. [Page 18]
Internet Draft August 2004
turn link protecting alternates which S has available. Clearly
selecting a u-turn node-protecting alternate, if one is
available, will provide node-protection, while the other options
will not. Selection among these categories is a router-local
decision.
3. If S has neither loop-free node-protecting alternates,
loop-free link-protecting alternates, u-turn node-protecting
alternates, nor u-turn link-protecting alternates, then S has no
alternate available for traffic to the destination D from the
source S.
3.2.4.2. Alternate Selection With Multiple Potential Primary Neighbors
The selection among multiple equal cost paths is a router-local
decision. Therefore, a router N_i cannot know which of the potential
primary neighbors that S will choose to use.
As described in Section 3.1.2.1, N_i can only select S for its U-Turn
alternate if any potential primary neighbor which S might select,
except for N_i itself, will not go via N_i to reach the destination
D.
Since a router S has multiple potential primary neighbors, router S
MUST select one or more alternates for breaking U-Turns from among
next-hops to its potential primary neighbors. If router S does not
have a potential primary neighbor that is node-protecting for a
particular primary next-hop, that indicates that the particular
primary neighbor will not use S as a U-turn alternate.
Router S need not use the same alternate(s) for breaking U-Turns on
traffic received from a primary next-hop as for when the primary
next-hop fails. The alternate(s) used when a primary next-hop fails
are a router-local decision.
4. Using an Alternate
If an alternate is available, it is used in two circumstances. In
the first circumstance, it is used to redirect traffic received from
a primary next-hop neighbor. In the second circumstance, it is used
to redirect traffic when the primary next-hop has failed. As
mentioned in Section 3.2.4.2, for destinations with multiple
potential primary neighbors, the alternates used for each purpose
need not be the same.
4.1. Breaking U-Turns
If one ignores potential security redirection, IP forwarding is a
Atlas et al. [Page 19]
Internet Draft August 2004
purely destination based algorithm. Traffic is forwarded based upon
the destination IP address, regardless of the incoming interface.
+--------------------------+
| N_1 |
| |
| primary alternate |
| D: S R_1 |
| C: R_1 R_2 |
| |
|--------+--------+--------|
| D: R_1 | D: S | D: S |
| C: R_1 | C: R_1 | C: R_2 |
+--------------------------+
/ | \
/ L_1 | L_2 \ L_3
/ | \
/ +-----+ \
+-----+ | R_2 | \
| S | +-----+ +-----+
+-----+ / | R_1 |
/ / +-----+
/ / /
/ / /
+-----+ / /--------/
| P | / /
+-----+ __ / __ /
\ / \ / \ /
\ / \/ \ /
\------ | |
\ CLOUD /
_/ |
/ |
\_ ___ /
/\_/ \_/
/ \
/ \
/ +-----+
+-----+ | D |
| C | +-----+
+-----+
Figure 7: Example Forwarding Table
As previously described in Section 3.1.2, IP/LDP Local Protection
requires that a U-Turn neighbor be capable of detecting traffic
coming from the primary next-hop neighbor and redirecting it to the
alternate, if an alternate which is node-protecting is available.
Atlas et al. [Page 20]
Internet Draft August 2004
This becomes the new default behavior. This behavior is described
below. A router which indicates that it is capable of breaking U-
Turns on an interface MUST obey the following behavior on that
interface.
For an IP destination
If the packet was received on an interface connected
to a primary neighbor
then if the interface is U-Turn Breaking Capable
then if that primary next-hop has a loop-free
node-protecting alternate
then forward the packet to that alternate
else if interface is point-to-point
then discard
else if interface is configured for ICMP redirection
then forward to primary and
send ICMP redirect according to RFC 792
else discard
else forward to a primary next-hop
else forward to a primary next-hop
New Forwarding Rule
To clarify the above behavior, consider the example below in Figure
7. In this case, router N_1 has a primary and an alternate for two
destinations D and C. The primary next-hop for destination D is
router S and the alternate next-hop is R_1. Similarly, the primary
next-hop for destination C is router R_1 and the alternate next-hop
is R_2. The three interfaces L_1, L_2, and L_3 shown on router N_1
have different forwarding tables as shown in Figure 7; additional
interfaces would have the same forwarding table as for interface L_2,
which is not a primary next-hop for either destination.
4.1.1. Broadcast and NBMA Interfaces
With broadcast interfaces (i.e. Gigabit Ethernet) and NBMA
interfaces, there can be multiple neighbors connected to the same
interface. The NBMA and broadcast interfaces can be treated
identically for IP/LDP Local Protection.
It is extremely desirable to have at most one forwarding table per
interface. Therefore, it must be considered whether all traffic
received on an interface can be treated identically, regardless of
the neighbor sourcing the traffic on that interface.
The cost for any node on the broadcast interface to reach S or P will
be identical. Because all link costs are positive, no neighbor on
the broadcast interface will ever send traffic to S along that
Atlas et al. [Page 21]
Internet Draft August 2004
interface in order to reach P. Therefore, S can assume that any
traffic received on the broadcast interface which goes to a
destination via a primary next-hop neighbor that is also on the
broadcast interface is in fact sent by that primary next-hop neighbor
and should be redirected to break the U-Turn.
+-----------+-----------+------------+----------+
| | | | |
| | /P\ | /P\ | /P\ | /P\
| 2 3| | 3| | 4| | 5| |
| | | | |
+-----+ +-----+ +-----+ +-----+ +-----+
| P | | S | | N_1 | | N_2 | | N_3 |
+-----+ +-----+ +-----+ +-----+ +-----+
\ \ 10
\ \ 10 @ \________
\| \ @| \
-+ \ -+ +-----+
\ ________| N_4 |
\ / 10 +-----+
+-----+ /
| D |/
+-----+
Figure 8: Topology With Broadcast Interface
Thus, if router S has a primary next-hop neighbor for a given prefix
on the broadcast interface, S should redirect all traffic received
destined to that prefix on the broadcast interface to S's alternate
next-hop.
This does assume that all neighbors on a broadcast interface are
routers or are properly configured hosts. If this assumption is
acceptable for a particular broadcast or NBMA interface, then traffic
received on the interface, which is configured to be U-turn capable,
for which there is no loop-free node-protecting alternate will be
discarded. If this assumption is not acceptable, i.e. if there is a
locally connected host, then traffic received on the interface, which
is configured to be U-turn capable, for which there is no loop-free
node-protecting alternate should be forwarded back out the interface
(i.e. to the primary) and an ICMP Redirect should be sent to the
originating host.
An interface can be either a primary next-hop or the alternate next-
hop, but not both because there would be no protection if the
interface failed.
4.2. Responding to a Local Failure
Atlas et al. [Page 22]
Internet Draft August 2004
When a local interface failure is detected, traffic that was destined
to go out the failed interface must be redirected to the appropriate
alternate next-hops. The alternate next-hop is pre-computed to be
reliable in the event of the failure scenario being protected against
(i.e. link or node failure).
IP/LDP Local Protection does not attempt to add anything new to the
detection of the failure. The same mechanisms that enable RSVP-TE
Fast-Reroute can work here. Because the alternate next-hop is pre-
computed, it should be extremely fast to switch traffic to use it,
exactly as is the case with RSVP-TE Fast-Reroute.
5. Requirements on LDP Mechanics
In order for LDP to take advantage of the alternate next-hops
determined, it is necessary for LDP to have the appropriate labels
available for the alternate so that the appropriate out-segments can
be installed in the forwarding plane before the failure occurs.
This means that a Label Switched Router (LSR) running LDP must
distribute its labels for the FECs it can provide to all its
neighbors, regardless of whether or not they are upstream.
Additionally, LDP must be acting in liberal label retention mode so
that the labels which correspond to interfaces that aren't currently
the primary next-hop are stored. Similarly, LDP should be in
downstream unsolicited mode, so that the labels for the FEC are
distributed other than along the SPT.
6. Routing Interactions
Just as a standard SPF is run on a particular area or level to find
the primary next-hops, IP Local Protection determines the alternates
to use for a particular area or level. An IGP must determine how to
use those alternates for routes which are not in the local area.
Additionally, those alternates must be communicated properly to LDP
and BGP for their use. IP Local Protection provides alternate paths
for IGP destinations. The alternates are provided to LDP and BGP for
forwarding purposes only; the alternates are not redistributed in any
fashion into other protocols.
6.1. OSPF Inter-Area Routing
Each area in OSPF has its own link state database and corresponding
topology. IP Local Protection provides the primary next-hops and
alternate next-hop for each Area Border Router. The alternates for
summary routes which can be reached via a particular Area Border
Router (ABR) will be inherited from the ABR, just as the primary
next-hops are currently.
Atlas et al. [Page 23]
Internet Draft August 2004
The complexity occurs when there is a set of ABRs which are
equidistant from the router S and those ABRs are summarizing a common
set of inter-area destinations. This is a case where the router S
will select from the primary next-hops to reach each of the ABRs in
the set in order to form an ECMP set to reach the inter-area
destination(s).
Additional alternate inheritance rules are necessary in this case;
the rules to follow depend upon the nature of the candidates for the
ECMP set. There are two scenarios, which will be explained in
reference to Figure 9.
.........
..... .....
... ...
... +-----+ ...
. /| A_1 |-------------\ .
. / +-----+ \ .
. / \-+-----+ 5
.. / |ABR 1|--------\
. / 5 +-----+--------+-----+ \
. / /--------| N_1 | 5 . \
. +-----+-/ +-----+ . +-----+
. | S | . | D |
. +-----+-\ . +-----+
. \ \ . 5 /
. \ \ +-----+ . /-------/
. \ \------| N_2 | 5 . /
. \ +-----+-------+-----+ /
. \ |ABR.2|/
.. +-----+ /-+-----+
. | A_2 |--------------/ .
. +-----+ .
. .
... ...
... area 0 ...
..... .....
.........
Figure 9: Inheriting Alternates for ECMP Inter-Area Destinations
1. ECMP Inter-Area Destination with more than one potential
primary neighbor.
2. ECMP Inter-Area Destination with a single primary neighbor.
In Scenario 1, the paths from S to ABR-1 and ABR-2 are node-
protecting with respect to each other; each neighbor is reached via a
Atlas et al. [Page 24]
Internet Draft August 2004
different primary next-hop to reach the destination D. In this case,
the primary next-hop to reach N_1 can be used as the alternate next-
hop for N_2 and vice versa. Finding the alternate next-hops in this
scenario is straightforward, because the paths to ABR-1 and ABR-2 are
disjoint.
In Scenario 2, the primary neighbor to reach ABR-1 and ABR-2 is the
same, so the alternate must protect against both the link to N_1
failing and N_1 itself failing. Let the set of ABRs which can be
used to reach the destination be indexed up to T. A loop-free node-
protecting alternate A_i is a candidate if the following is true.
forall_t in T,
if (D_opt(A_i, D) == D_opt(A_i, ABR_t) + D_opt(ABR_t, D))
D_!S(A_i, ABR_t) < D_opt(A_i, S) + D_opt(S, ABR_t)
The selection criteria between candidate alternate next-hops
associated with ABRs in an ABR set MUST be as follows, for the same
reason as described in Section 3.2.4.4.
1. If there is one or more loop-free node-protecting alternates
associated with one ABR in the set of ABRs, then router MUST
select one of those alternates. Let M be the set of neighbors
which provide loop-free node-protecting alternates to at least
one ABR in the set of ABRs. If S has multiple loop-free node-
protecting alternates, then S MUST select the alternate through
N_k such that Equation 6 is satisfied.
2. If there are no loop-free node-protecting alternates
associated with an ABR in a set of ABRs, then S can select
freely among the appropriate ABR alternates which are available.
6.2. OSPF External Routing
Rules of inheritance of alternate next-hops for external routes is
the same as for inter-area destinations. The additional complication
comes from forwarding addresses, where an ASBR uses a forwarding
address to indicate to all routers in the Autonomous System to use
the specified address instead of going through the ASBR. When a
forwarding address has been indicated, all routers in the topology
calculate the shortest path to the link specified in the external
LSA. In this case, the alternate next-hop of the forwarding link
should be used, in conjunction with the primary next-hop of the
forwarding link, instead of those associated with the ASBR.
6.3. ISIS Multi-Level Routing
Atlas et al. [Page 25]
Internet Draft August 2004
Rules for alternate inheritance between levels in ISIS are the same
as for OSPF inter-area routing.
6.4 OSPF Virtual Links
OSPF virtual links are used to connect two disjoint backbone areas
using a transit area. A virtual link is configured at the border
routers of the disjoint area. There are two scenarios, depending
upon the position of the root, router S.
If router S is itself an ABR or one of the endpoints of the disjoint
area, then router S must resolve its paths to the destination on the
other side of the disjoint area by using the summary links in the
transit area and using the closest ABR summarizing them into the
transit area. This means that the data path may diverge from the
virtual neighbor's control path. An ABR's primary and alternate
next-hops are calculated by IP Local Protection on the transit area.
The primary next-hops to use are determined based upon the closest
set of equidistant ABRs; the same rules described in Section 6.1 for
inter-area destinations MUST be followed for OSPF virtual links to
determine the alternate next-hop. The same ECMP cases apply.
If router S is not an ABR, then all the destinations on the other
side of the disjoint area will inherit the virtual link's endpoint,
the transit ABR. The same OSPF inter-area rules described in Section
6.1 MUST be followed here as well.
6.5 BGP Next-Hop Synchronization
BGP simply inherits the alternate next-hop based upon the IGP
destination which was selected. The BGP decision process is
unaltered.
6.6 Interactions with ISIS Overload, RFC 3137 and Costed Out Links
As described in RFC 3137, there are cases where it is desirable not
to have a router used as a transit node. For those cases, it is also
desirable not to have the router used on an alternate path.
For computing an alternate, a router MUST not consider diverting from
the SPF tree along a link whose reverse cost is LSInfinity (for OSPF)
or whose router has the overload bit set (for ISIS).
In the case of OSPF, if all links from router S to a neighbor N_i
have a reverse cost of LSInfinity, then router S cannot consider
using N_i as an alternate. If all links from a neighbor N_i to a
neighbor's neighbor R_i_j have a reverse cost of LSInfinity, then
router S cannot consider that N_i could provide a U-turn alternate
via R_i_j.
Atlas et al. [Page 26]
Internet Draft August 2004
Similarly in the case of ISIS, if N_i has the overload bit set, then
S cannot consider using N_i as an alternate. If a neighbor's
neighbor R_i_j has the overload bit set, then router S cannot
consider that N_i could provide a U-turn alterante via R_i_j.
This preserves the desired behavior of diverting traffic away from a
router which is following RFC 3137 and it also preserves the desired
behavior when an operator sets the cost of a link to LSInfinity for
maintenance, of not permitting traffic across that link unless there
is no other path.
If a link or router which is costed out was the only possible
alternate to protect traffic from a particular router S to a
particular destination, then there will be no alternate provided for
protection.
6.7 Multicast Considerations
IP/LDP Local Protection does not apply to multicast traffic. The
alternate next-hops SHOULD not used for multi-cast RPF checks.
7. Security Considerations
This document does not introduce any new security issues. The
mechanisms described in this document depend upon the network
topology distributed via an IGP, such as OSPF or ISIS. It is
dependent upon the security associated with those protocols.
8. Intellectual Property Considerations
Avici Systems has intellectual property rights claimed in regard to
the specification contained in this document.
9. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
Atlas et al. [Page 27]
Internet Draft August 2004
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
10. References
[OSPF-LOCAL-PROTECT] A. Atlas, R. Torvi, G. Choudhury, B. Imhoff, C.
Martin, D. Fedyk, "OSPFv2 Extensions for Link Capabilities and IP/LDP
Local Protection", draft-atlas-ospf-local-protect-cap-00.txt,
February 2004, work-in-progress
[ISIS-LOCAL-PROTECT] A. Atlas, R. Torvi, C. Martin, "ISIS Extensions
for Signaling Local Protection Capabilities", draft-martin-isis-
local-protect-cap-00.txt, February 2004, work-in-progress
[LDP] L. Anderson, P. Doolan, N. Feldman, A. Fredette, B. Thomas,
"LDP Specification", RFC 3036, January 2001
[RSVP-TE] D. Awduche, L. Berger, D. Gan, T. Li, V Srinivasan, G.
Swallow, "RSVP-TE: Extensions to RSVP for LSP Tunnels", RFC 3209,
December 2001
[RSVP-TE FRR] P. Pan, D. Gan, G. Swallow, JP Vasseur, D. Cooper, A.
Atlas, and M. Jork, "Fast Reroute Extensions to RSVP-TE for LSP
Tunnels", work-in-progress draft-ietf-mpls-rsvp-lsp-fastreroute-
04.txt, February 2004
[RFC3137] Retana, A., Nguyen, L., White, R., Zinin, A., and
McPherson, D., "OSPF Stub Router Advertisement", RFC 3137, June 2001
[RFC3277] D. McPherson, "Intermediate System to Intermediate System
(IS-IS) Transient Blackhole Avoidance", RFC 3277, April 2002
[ISIS] R. Callon, "Use of OSI IS-IS for Routing in TCP/IP and Dual
Environments", RFC 1195, December 1990
[RFC2966] T. Li, T. Przygienda, H. Smit, "Domain-wide Prefix
Distribution with Two-Level IS-IS", RFC 2966, October 2000
Atlas et al. [Page 28]
Internet Draft August 2004
[OSPF] J. Moy, "OSPF Version 2", RFC 2328, April 1998
[RFC2370] R. Coltun, "The OSPF Opaque LSA Option", RFC 2370, July
1998
11. Authors Information
Alia Atlas
Avici Systems
101 Billerica Avenue
N. Billerica, MA 01862
USA
email: aatlas@avici.com
phone: +1 978 964 2070
Raveendra Torvi
Avici Systems
101 Billerica Avenue
N. Billerica, MA 01862
USA
email: rtorvi@avici.com
phone: +1 978 964 2026
Gagan Choudhury
AT&T
Room D5-3C21
200 Laurel Avenue
Middletown, NJ 07748
USA
email: gchoudhury@att.com
phone: +1 732 420-3721
Christian Martin
Verizon
1880 Campus Commons Drive
Reston, VA 20191
email: cmartin@verizon.com
Brent Imhoff
WilTel Communications
3180 Rider Trail South
Bridgeton, MO 63045
USA
email: brent.imhoff@wcg.com
phone: +1 314 595 6853
Don Fedyk
Nortel Networks
Atlas et al. [Page 29]
Internet Draft August 2004
600 Technology Park
Billerica, MA 01450
email: dwfedyk@nortelnetworks.com
phone: +1 978 288 3041
Atlas et al. [Page 30]