Networking Working Group
Internet Draft
                                                           Zafar Ali
                                               Jean-Philippe Vasseur
                                                         Anca Zamfir
                                                 Cisco Systems, Inc.
                                                     Jonathan Newton
                                                  Cable and Wireless

Category: Informational
Expires: December 2007                                     June 2007


      Graceful Shutdown in GMPLS Traffic Engineering Networks

Status of this Memo

   By submitting this Internet-Draft, each author represents that
   any applicable patent or other IPR claims of which he or she is
   aware have been or will be disclosed, and any of which he or she
   becomes aware will be disclosed, in accordance with Section 6 of
   BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as "work
   in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on December 07, 2007.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

                        Expires December 2007               [Page 1]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07


   GMPLS-TE Graceful shutdown is a method for explicitly notifying
   the nodes in a Traffic Engineering (TE) enabled network that the
   TE capability on a link or on an entire Label Switching Router
   (LSR) is going to be disabled. GMPLS-TE graceful shutdown
   mechanisms are tailored towards addressing the planned outage in
   the network.

   This document provides requirements and protocol mechanisms so as
   to reduce/eliminate traffic disruption in the event of a planned
   shutdown of a network resource. These operations are equally
   applicable for both MPLS and its GMPLS extensions.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
   "OPTIONAL" in this document are to be interpreted as described in
   RFC-2119 [i].

Table of Contents

1. Terminology.....................................................2
2. Introduction....................................................3
3. Requirements for Graceful Shutdown..............................4
4. Mechanisms for Graceful Shutdown................................4
 4.1 RSVP-TE Signaling Mechanism for graceful shutdown............5
 4.1.1 Graceful Shutdown of TE link(s)............................5
 4.1.2 Graceful Shutdown of Component Link(s) in a Bundled TE Link 5
 4.1.3 Graceful Shutdown of TE Node...............................6
 4.2 OSPF/ ISIS Mechanisms for graceful shutdown..................6
 4.2.1 Graceful Shutdown of TE link(s)............................6
 4.2.2 Graceful Shutdown of Component Link(s) in a Bundled TE Link 7
 4.2.3 Graceful Shutdown of TE Node...............................7
5. Security Considerations.........................................7
6. IANA Considerations.............................................7
7. Acknowledgments.................................................7
8. Reference.......................................................7
 8.1 Normative Reference..........................................7
 8.2 Informative Reference........................................8
9. Authors' Address:...............................................8
10. Intellectual Property Considerations...........................8
11. Disclaimer of Validity.........................................9
12. Copyright Statement............................................9

1. Terminology

   LSR - Label Switching Device.

                         Expires December 2007             [Page 2]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   LSP - An MPLS Label Switched Path

   Head-end or Ingress node: In this document the terms "head-end
   node equally applies to the Ingress node that initiated signaling
   for the Path or an intermediate node (in the case of loose hops
   path computation) or a Path Computation Element (PCE) that
   computes the routes on behalf of its clients (PCC).

   GMPLS - The term GMPLS is used in this document to refer to both
   classic MPLS, as well as the GMPLS extensions to MPLS.

   TE Link - The term TE link refers to a physical link or an FA-
   LSP, on which traffic engineering is enabled. A TE link can be
   bundled or unbundled.

   The terms node and LSR will be used interchangeably in this

2. Introduction

   When outages in a network are planned (e.g. for maintenance
   purpose), some mechanisms can be used to avoid traffic
   disruption. This is in contrast with unplanned network element
   failure, where traffic disruption can be minimized thanks to
   recovery mechanisms but may not be avoided. Hence, a Service
   Provider may desire to gracefully (temporarily or definitely)
   disable Traffic Engineering on a TE Link, a group of TE Links or
   an entire node for administrative reasons such as link
   maintenance, software/hardware upgrade at a node or significant
   TE configuration changes. In all these cases, the goal is to
   minimize the impact on the GMPLS traffic engineered flows carried
   over TE LSPs in the network by triggering notifications so as to
   graceful reroute such flows before the administrative procedures
   are started.

   Graceful shutdown of a resource may require several steps. These
   steps can be broadly divided into two sets: disabling the
   resource in the control plane and removing the resource for
   forwarding. The node initiating the graceful shutdown condition
   SHOULD delay the removal of the resources for forwarding, for
   some period determined by local policy. This is to allow control
   plane to gracefully divert the traffic away from the resource
   being gracefully shutdown. Similarly, trigger for the graceful
   shutdown event is a local matter at the node initiating the
   graceful shutdown. Typically, graceful shutdown is triggered for
   administrative reasons, such as link maintenance or
   software/hardware upgrade at a node.

   This document describes the mechanisms that can be used to
   gracefully shutdown GMPLS Traffic Engineering on a resource. As
   mentioned earlier, the graceful shutdown of the Traffic

                         Expires December 2007             [Page 3]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   Engineering capability on a resource could be incorporated in the
   traditional shutdown operation of an interface, but it is a
   separate step that is taken before the IGP on the link is brought
   down and before the interface is brought down at different
   layers. This document only addresses TE node and TE resources.

3. Requirements for Graceful Shutdown

This section lists the requirements for graceful shutdown in the
context of GMPLS Traffic Engineering.

   - Graceful shutdown must address graceful removal of one TE link,
   one component link within a bundled TE link, a set of TE links, a
   set of component links or an entire node.

   - It is required to prevent other network nodes to use the
   network resources that are about to be shutdown, should new TE
   LSP be set up. However, if the resource being shutdown is a last
   resort, it can be used. Time or decision for removal of the
   resource being shutdown is based on a local decision at the node
   initiating the graceful shutdown procedure.

   - It is required to reduce/eliminate traffic disruption on the
   LSP(s) using the network resources which are about to be

   - Graceful shutdown mechanisms are equally applicable to intra-
   domain and TE LSPs spanning multiple domains. Here, a domain is
   defined as either an IGP area or an Autonomous System [INTER-

   - Graceful shutdown is equally applicable to GMPLS-TE, as well as
   packet-based (MPLS) TE LSPs.

   - In order to make rerouting effective, it is required to
   communicate information about the TE resource under graceful

4. Mechanisms for Graceful Shutdown

   An IGP only based solution is not applicable when dealing with
   Inter-area and Inter-AS traffic engineering, as IGP LSA/LSP
   flooding is restricted to IGP areas/levels. Consequently, RSVP
   based mechanisms are required to cope with TE LSPs spanning
   multiple domains. At the same time, RSVP mechanisms only convey
   the information for the transiting LSPs to the router along the
   upstream Path and not to all nodes in the network. Furthermore,
   it must be noted that graceful shutdown notification via IGP
   flooding is required to discourage a node from establishing new
   LSPs through the resources being shutdown. In the following

                         Expires December 2007             [Page 4]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   sections the complementary mechanisms for RSVP-TE and IGP for
   Graceful Shutdown are described.

4.1 RSVP-TE Signaling Mechanism for graceful shutdown

   As discussed in Section 3, one of the requirements for the
   signaling mechanism for graceful shutdown is to carry information
   about the resource under graceful shutdown. The Graceful Shutdown
   mechanism outlined in the following section, uses Path Error and
   where available, Notify message, in order to achieve this
   requirement. Such mechanisms relying on signaling are only
   applicable to the existing LSPs.
   Setup request for new LSPs over the TE resource being gracefully
   shutdown SHOULD be rejected using the existing mechanisms that
   are applied when the TE resource is not available.

4.1.1 Graceful Shutdown of TE link(s)

   The node where graceful shutdown of a link or a set of links is
   desired MUST trigger a Path Error message with "local link
   maintenance required" sub-code for all affected LSPs. The "local
   TE link maintenance required" error code is defined in [PATH-
   REOPT]. If available, and where notify requests were included
   when the LSPs were initially setup, Notify message (as defined in
   RFC 3471, RFC 3473) MAY also be used for delivery of this
   information to the head-end nodes.

   When a GS operation is performed along the path of a protected
   LSP, based on a local decision, the PLR or branch node MAY
   redirect the traffic onto the local detour or protecting segment.
   In any case, the PLR or branch node MUST forward the Path Error
   to the head-end LSR.

   When a head-end LSR receives a Path Error (or Notify) message
   with sub-code "Local Maintenance on TE Link required Flag", it
   SHOULD immediately trigger a make-before-break procedure. A head-
   end node SHOULD avoid the IP address contained in the PathErr (or
   Notify message) when performing path computation for the new LSP.

   If the resource being gracefully shutdown is on the Path of the
   protecting LSP/ local detour, the branch node/ PLR reroutes the
   protecting LSP/ local detour just a head-end LSR would reroute
   any other LSP.

4.1.2 Graceful Shutdown of Component Link(s) in a Bundled TE Link

   MPLS TE Link Bundling [BUNDLE] requires that an LSP is pinned
   down to component link(s). Hence, when a component link is
   shutdown, the TE LSPs affected by such maintenance action needs
   to be resignaled.

                         Expires December 2007             [Page 5]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   Graceful shutdown of a component link in a bundled TE link
   differs from graceful shutdown of unbundled TE link or entire
   bundled TE link. Specifically, in the former case, when only a
   subset of component links and not the entire TE bundled link is
   being shutdown, the remaining component links of the TE links may
   still be able to admit new LSPs. Consequently a new error sub-
   code for the RSVP error-code "Routing Problem" (24) [RSVP-TE] is

         9 (TBA)   Local component link maintenance required

   Error Sub-code for "Local component link maintenance required" is
   to be assigned by IANA.

   If the last component link is being shutdown, the procedure
   outlined in Section 5.1 is used.

   When a head-end LSR receives an RSVP Path Error or Notify message
   with sub-code "local component link maintenance required" Flag
   set, it SHOULD immediately perform a make-before-break to avoid
   traffic loss. The head-end LSR MAY still use the IP address
   contained in the Path Error or Notify message in performing path
   computation for rerouting the LSP. This is because, this address
   is an IP address of the component link and the flag is an
   implicit indication that the TE link may still have capacity to
   admit new LSPs. However, if the ERO is computed such that it also
   provides details of the component link selection(s) along the
   Path, the component link selection with IP address contained in
   the Path Error or Notify message SHOULD be avoided.

   Based on a local decision, PLR/ branch node MAY trigger FRR/
   segment recovery to recover from failure of a component link.

4.1.3 Graceful Shutdown of TE Node

   When graceful shutdown at node level is desired, the node in
   question follows the procedure specified in the previous section
   for all TE Links.

4.2 OSPF/ ISIS Mechanisms for graceful shutdown

   The procedures provided in this section are equally applicable to
   OSPF and ISIS.

4.2.1 Graceful Shutdown of TE link(s)

   The node where graceful-shutdown of a link is desired MUST
   originate the TE LSA/LSP containing Link TLV for the link under
   graceful shutdown with Traffic Engineering metric set to
   0xffffffff, 0 as unreserved bandwidth, and if the link has LSC or
   FSC as its   Switching Capability then also with 0 as Max LSP

                         Expires December 2007             [Page 6]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   Bandwidth.  This would discourage new LSP establishment through
   the link under graceful shutdown.

   Neighbors of the node where graceful shutdown procedure is in
   progress SHOULD continue to advertise the actual unreserved
   bandwidth of the TE links from the neighbors to that node,
   without any routing adjacency change.

4.2.2 Graceful Shutdown of Component Link(s) in a Bundled TE Link

   If graceful shutdown procedure is performed for a component link
   within a TE Link bundle and it is not the last component link
   available within the TE link, the link attributes associated with
   the TE link are recomputed. If the removal of the component link
   results in a significant bandwidth change event, a new LSA is
   originated with the new traffic parameters. If the last component
   link is being shutdown, the routing procedure outlined in Section
   4.2.1 is used.

4.2.3 Graceful Shutdown of TE Node

   When graceful shutdown at node level is desired, the node in
   question follows the procedure specified in the previous section
   for all TE Links.

5. Security Considerations

   This document does not introduce new security issues. The
   security considerations pertaining to the original RSVP protocol
   [RSVP] remain relevant.

6. IANA Considerations

   A new error sub-code for Path Error and Notify message is needed
   for   "Local component link maintenance required" flag.

7. Acknowledgments

   The authors would like to acknowledge useful comments from David
   Ward, Sami Boutros, Adrian Farrel and Dimitri Papadimitriou.

8. Reference

8.1 Normative Reference

   [RSVP-TE] D. Awduche, L. Berger, D. Gan, T. Li, V. Srinivasan,
   and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP Tunnels",
   RFC 3209, December 2001.

   [PATH-REOPT] Jean-Philippe Vasseur, et al "Reoptimization of MPLS
   Traffic Engineering loosely routed LSP paths", RFC 4736.

                         Expires December 2007             [Page 7]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

8.2 Informative Reference

   [RSVP] Braden, et al, "Resource ReSerVation Protocol (RSVP) -
   Version 1, Functional Specification", RFC 2205, December 1997.

   [INTER-AREA-AS] Adrian Farrel, Jean-Philippe Vasseur, Arthi
   Ayyangar, "A Framework for Inter-Domain MPLS Traffic
   Engineering", RFC 4726.

   [BUNDLE] Kompella, K., Rekhter, Y., Berger, L., "Link Bundling in
   MPLS Traffic Engineering", RFC 4201.

9. Authors' Address:

   Zafar Ali
   Cisco systems, Inc.,
   2000 Innovation Drive
   Kanata, Ontario, K2K 3E8

   Jean Philippe Vasseur
   Cisco Systems, Inc.
   300 Beaver Brook Road
   Boxborough , MA - 01719

   Anca Zamfir
   Cisco Systems, Inc.
   2000 Innovation Drive
   Kanata, Ontario, K2K 3E8

   Jonathan Newton
   Cable and Wireless

10. Intellectual Property Considerations

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be
   claimed to pertain to the implementation or use of the technology
   described in this document or the extent to which any license
   under such rights might or might not be available; nor does it
   represent that it has made any independent effort to identify any
   such rights.  Information on the procedures with respect to
   rights in RFC documents can be found in BCP 78 and BCP 79.

                         Expires December 2007             [Page 8]

        draft-ietf-ccamp-mpls-graceful-shutdown-03.txt      June 07

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the
   use of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR
   repository at

   The IETF invites any interested party to bring to its attention
   any copyrights, patents or patent applications, or other
   proprietary rights that may cover technology that may be required
   to implement this standard.  Please address the information to
   the IETF at

11. Disclaimer of Validity

   This document and the information contained herein are provided

12. Copyright Statement

   Copyright (C) The IETF Trust (2007).
   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

                         Expires December 2007             [Page 9]