SRv6 Midpoint Protection

China Telecom
109, West Zhongshan Road, Tianhe District
Guangzhou 510000
China
chenhuan6@chinatelecom.cn

Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
huzhibo@huawei.com

Futurewei
Boston, MA
USA
Huaimo.chen@futurewei.com

Huawei Technologies
gengxuesong@huawei.com

The current local repair mechanism, e.g., TI-LFA, allows local repair
actions on the direct neighbors of the failed node to temporarily route
traffic to the destination. This mechanism does not work properly when
the failure happens at the destination point or on the link connected to
the destination. In SRv6 TE, the IPv6 destination address in the outer
IPv6 header could be the dedicated endpoint of the TE path rather than
the destination of the TE path. When the endpoint fails, local repair
does not work on the direct neighbor of the failed endpoint either. This
document defines midpoint protection, which enables the direct neighbor
of the failed endpoint to perform the function of the endpoint, replace
the IPv6 destination address with the other endpoint, and choose the
next hop based on the new destination address.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.

The current mechanism, e.g., TI-LFA, allows local repair
actions on the direct neighbors of the failed node to temporarily route
traffic to the destination. This mechanism does not work properly when
the failure happens at the destination point or on the link connected to
the destination. In SRv6 TE, the IPv6 destination address in the outer
IPv6 header could be the dedicated endpoint of the TE path rather than
the destination of the TE path. When the endpoint
fails, local repair does not work on the direct neighbor of the failed
endpoint either. This document defines midpoint protection, which
enables the direct neighbor of the failed endpoint to perform the
function of the endpoint, replace the IPv6 destination address with the
other endpoint, and choose the next hop based on the new destination
address.

When an endpoint node fails, the packet needs to bypass the failed
endpoint node and be forwarded to the next endpoint node of the failed
endpoint. The Repair Node (i.e., the previous hop of the failed
endpoint node) performs the proxy forwarding as follows:

Outbound interface failure happens in the Repair Node;

Case 1: Route to the failed endpoint could be found in the FIB
of Repair Node:

   If the Repair Node is not directly connected to the failed
   endpoint, the normal TI-LFA is executed;

   If the Repair Node is directly connected to the failed endpoint,
   the Repair Node forwards the packets through a bypass of the failed
   endpoint, replacing the IPv6 destination address with the IPv6
   address of the next, the last or other reasonable endpoint nodes,
   which avoids going through the failed endpoint.

Case 2: Route to the failed endpoint could not be found in the
FIB of Repair Node:

   Repair Node forwards the packets through a bypass of the failed
   endpoint to the next, the last or other reasonable endpoint node
   directly. There is no need to check whether the failed endpoint
   node is directly connected to the Repair Node or not.

The topology shown in Figure 1 illustrates an example of network
topology with SRv6 enabled on each node.

Figure 1: An example of midpoint protection

In this document, an end SID at node n with locator block B is
represented as B:n. An end.x SID at node n towards node k with locator
block B is represented as B:n:k. A SID list is represented as <S1,
S2, S3> where S1 is the first SID to visit, S2 is the second SID to
visit and S3 is the last SID to visit along the SRv6 TE path.

In the reference topology:

Node N1 is an ingress node of SRv6 domain. Node N1 steers a packet
into a segment list <B:3, B:4>.

When Node N3 fails, the packet needs to bypass the failed endpoint
node and be forwarded to the next endpoint node after the failed
endpoint in the TE path. When an outbound interface failure happens in
the Repair Node (which is not limited to the previous hop node of the
failed endpoint node), it performs the proxy forwarding as follows:

For node N2, if the outbound interface to the endpoint B:3 has failed
before IGP converges:

   Because node N2, as a Repair Node, is connected to the failed
   endpoint B:3 directly, node N2 forwards the packets through a bypass
   of the failed endpoint, replacing the IPv6 destination address with
   the next SID B:4. N2 detects the failure of the outbound interface
   to B:4 in the current route and can use the normal TI-LFA repair
   path to forward the packet, because it is not directly connected to
   the node N4. N2 encapsulates the packet with the segment list
   <B:5:6> as a repair path.

For node N1, route to the failed endpoint N3 could not be found in
the FIB after IGP converges:

   Node N1, as a Repair Node, forwards the packets through a bypass
   of the failed endpoint to the next endpoint node (e.g., N4)
   directly. There is no need to check whether the failed endpoint node
   is directly connected to N1. N1 replaces the IPv6 destination
   address with the next SID B:4. Since IGP has completed convergence,
   it forwards packets directly based on the IGP SPF path.

When the Repair Node is a transit node, it provides fast protection
against the endpoint node failure as follows after looking up the
FIB.

When a node N receives a packet, if the destination address (DA) of
the packet is a local END SID, then node N is an endpoint node. When
the Repair Node is an endpoint node, it provides fast protections for
the failure through executing the following procedure after looking up
the FIB for the updated DA.

An endpoint node with cross-connect (End.X for short) is an
endpoint node with an array of layer 3 adjacencies. When a node N
receives a packet, if the destination address (DA) of the packet is a
local END.X SID, then node N as Repair Node provides fast protections
for the failure through executing the following procedure after
updating DA.

SRv6 Midpoint Protection provides a mechanism to bypass a failed
endpoint. But in some scenarios, important functions that should not be
bypassed may be implemented on the failed endpoint, such as firewall
functionality or In-situ Flow Information Telemetry of a specified
path. Therefore, a mechanism is needed to
indicate whether an endpoint can be bypassed or not. provides a method to determine
whether to enable SRv6 midpoint protection or not by defining a "no bypass"
flag for the SIDs in IGP.

This section reviews security considerations related to SRv6 Midpoint
protection processing discussed in this document. To ensure that the
Repair Node does not modify an SRH encapsulated by nodes outside the
SRv6 domain, only a segment within the SRH that is in the same domain as
the Repair Node can be skipped. So it is necessary to check that the
skipped segment has the same block as the Repair Node.

This document makes no request of IANA.

Note to RFC Editor: this section may be removed on publication as an
RFC.
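
The Repair Node decision from Case 1 and Case 2, combined with the "no bypass" flag and the same-block check from the security considerations, as an added Python example that is not part of this document or its authors' code. The set-based FIB, the "no-repair" action name, the handling of an exhausted segment list, and the 2001:db8:b::/48 addresses standing in for B:3 and B:4 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

BLOCK = "2001:db8:b::/48"                      # constructed locator block "B"
B3, B4 = "2001:db8:b:3::", "2001:db8:b:4::"    # constructed End SIDs B:3, B:4

@dataclass
class Packet:
    da: str             # outer IPv6 destination address = active SID
    segment_list: list  # RFC 8754 order: index 0 is the last SID to visit
    segments_left: int  # index of the active SID in segment_list

@dataclass
class RepairNode:
    block: str                                   # locator block of this node's domain
    fib: set = field(default_factory=set)        # SIDs that still have a route (assumed model)
    adjacent: set = field(default_factory=set)   # directly connected endpoints
    no_bypass: set = field(default_factory=set)  # SIDs flagged "no bypass"

def in_block(sid, block):
    """True when the SID belongs to the given locator block."""
    return ipaddress.ip_address(sid) in ipaddress.ip_network(block)

def repair(node, pkt):
    """Run when the outbound interface or the route toward pkt.da is gone.
    Returns (action, destination address the packet is forwarded on)."""
    failed = pkt.da
    # Case 1, not directly connected: ordinary TI-LFA toward the same DA.
    if failed in node.fib and failed not in node.adjacent:
        return ("ti-lfa", failed)
    # Case 1 (adjacent) and Case 2 (no route): try to skip the failed endpoint.
    if pkt.segments_left == 0:
        return ("no-repair", failed)      # assumption: nothing left to skip to
    if failed in node.no_bypass:
        return ("no-repair", failed)      # e.g. a firewall that must be visited
    if not in_block(failed, node.block):
        return ("no-repair", failed)      # SRH from outside the domain: leave as is
    pkt.segments_left -= 1
    pkt.da = pkt.segment_list[pkt.segments_left]
    return ("bypass", pkt.da)             # caller looks up the FIB for the new DA
```

A "bypass" result only rewrites the destination address; as in the N2 example, the caller then resolves the new DA and may still need TI-LFA for it.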