Enhanced Topology Independent Loop-free Alternate Fast Re-route

Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing 100095
China
c.l@huawei.com

Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing 100095
China
huzhibo@huawei.com

China Telecom
zhuyq8@chinatelecom.cn

Juniper Networks Inc.
India
shraddha@juniper.net

Routing Area
RTGWG Working Group

Topology Independent Loop-free Alternate Fast Re-route (TI-LFA) aims
at providing protection of node and adjacency segments within the
Segment Routing (SR) framework. A key aspect of TI-LFA is the FRR path
selection approach establishing protection over the expected
post-convergence paths from the point of local repair. However, the
TI-LFA FRR path may skip the node even if it is specified in the SID
list to be traveled.

This document defines Enhanced TI-LFA (TI-LFA+) by adding a No-bypass
indicator for segments to ensure that the FRR route will not bypass a
specific node, such as a firewall. Also, this document defines a
No-bypass flag and a No-FRR flag in the SRH to indicate not to bypass
nodes and not to perform FRR on all the nodes along the SRv6 path,
respectively.

Segment Routing enables steering packets by
explicitly encoding instructions in the data packets at the source node
to support services like traffic engineering. Relying on SR, defines Topology
Independent Loop-free Alternate Fast Re-route (TI-LFA), a local repair
mechanism for IGP shortest path that is capable of restoring end-to-end
connectivity in the case of a sudden directly connected failure of a
network component.

TI-LFA supports establishing a loop-free backup path over the
expected post-convergence paths from the point of local repair
irrespective of the topologies used in the network, which provides a
major improvement compared to LFA and remote LFA, which cannot be
applied in some topologies.

However, the TI-LFA path may skip the node that the active SID points
to when protecting [Adjacency, Node] segment lists. For instance, the
node that an adjacency SID points to is a very important node and cannot
be skipped, such as a firewall node. When the link between the local
repair node and the firewall node fails, the packets should be steered
back to the firewall and then forwarded. But in TI-LFA, if the next SID
in the SID list is a node SID, the TI-LFA FRR path MAY bypass the node
that the active segment points to. Also, if the firewall node is down,
the packets should be dropped instead of being fast-rerouted to bypass
the node. Bypassing nodes such as firewalls in FRR brings issues of
network security and reliability.

To enhance the security and reliability of networks, this document
defines an Enhanced Topology Independent Loop-free Alternate Fast
Re-route (TI-LFA+) based on TI-LFA by adding a No-bypass flag for
segments to explicitly specify which nodes cannot be bypassed. Also, this
document defines a No-bypass flag and a No-FRR flag in the SRH to
indicate not to bypass nodes and not to perform FRR on all the nodes
along the SRv6 path, respectively.

This document makes use of the terms defined in and . The reader is assumed to be familiar with the
terminology defined in and .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 when, and only
when, they appear in all capitals, as shown here.

Enhanced Topology Independent Loop-free Alternate Fast Re-route
(TI-LFA+) is an enhancement of TI-LFA to explicitly indicate whether a
node that a segment points to cannot be bypassed in FRR scenarios.

TI-LFA+ will not change the main process and algorithm of TI-LFA.
Instead, in TI-LFA+, when generating repair SID list for a SID, the node
should consider whether the SID endpoint can be bypassed or not, which is
explicitly encoded in IGP messages. If the node that the segment points
to cannot be bypassed, then the repair SID MUST lead the packets to that
node. This document defines a No-bypass flag for segments in IS-IS and
OSPF. Details will be discussed in section 4.

A node should advertise two kinds of segments to meet various service
policy requirements.

*  Bypassing-capable segment with the No-bypass flag unset.

*  No-bypassing segment with the No-bypass flag set.

A controller or control plane should choose a specific segment
according to the service policy.

[Editors' note] If the TI-LFA result is generated based on the Locator
route instead of SIDs, then the No-bypass Flag can be applied to the
Locator.

Also, this document defines a No-bypass flag and a No-FRR flag in the
SRH to indicate not to bypass nodes and not to perform FRR on all the
nodes along the SRv6 path, respectively. Details will be discussed in
section 5.

 describes the necessary IS-IS extensions
that need to be introduced for Segment Routing. defines the IS-IS
extensions required to support Segment Routing over an IPv6 data
plane. This document defines a No-bypass flag in the flag field of the
following IS-IS sub-TLV/TLV.

*  Prefix Segment Identifier sub-TLV (Prefix-SID sub-TLV)

*  Adjacency Segment Identifier sub-TLV (Adj-SID sub-TLV)

*  Locator entry in SRv6 Locator TLV

The following figures are included here for reference and
will be deleted in the future version.

If the No-bypass (NB) flag is set, the node that the
SID/Label/Locator points to cannot be bypassed. Otherwise, the node
can be bypassed.

 describes the necessary OSPF extensions
that need to be introduced for Segment Routing. defines the OSPF
extensions required to support Segment Routing over an IPv6 data
plane. This document defines a No-bypass flag in the flag field of the
following OSPF sub-TLV/TLV.

*  Prefix SID Sub-TLV

*  Adj-SID sub-TLV

*  SRv6 Node SID TLV

*  SRv6 SID Link Attribute Sub-TLV

The following figures are included here for reference and
will be deleted in the future version.

If the No-bypass (NB) flag is set, the node that the
SID/Label/Locator points to cannot be bypassed. Otherwise, the node
can be bypassed.

This section describes two flags in the SRH.

This document defines a No-bypass Flag in the SRH.

NB Flag: No-Bypass flag. When the flag is set, the repair
segment endpoint nodes MUST NOT bypass any nodes when link or node
failures occur. When a link is down, the packet MUST be forwarded
to the next segment endpoint node through the repair path. When
the node identified by the active SID in the IPv6 destination address
is down, the SID cannot be skipped, and the traffic MUST be
forwarded to the node.

The flag can be set when the SID list contains service SIDs such as a
firewall SID, so that the traffic will not bypass the service
nodes.

This document defines a No-FRR Flag in the SRH.

NF Flag: No-FRR flag. When the flag is set, FRR is disabled
for the packet, thus the packet will not be protected by the local
protection mechanism, such as TI-LFA.

The flag can be set when the SID list contains service SIDs such as a
firewall SID, so that the traffic will not bypass the service nodes.
In this case, an E2E protection mechanism should be deployed.

TBD.

TBD.
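The repair decision at the point of local repair, as described above for TI-LFA+ segments and for the NB and NF flags in the SRH, sketched as an added example that is not part of this document. The topology, link costs, function names and return labels are assumptions; flags are modelled as booleans because the text gives no bit positions, and the NB-unset branch is a simplified stand-in for TI-LFA path computation.

```python
import heapq

# Constructed topology: A is the point of local repair, F the firewall that the
# active SID points to, D the node of the next (node) SID. Costs are invented.
LINKS = {("A", "F"): 1, ("F", "D"): 1, ("A", "B"): 1, ("B", "D"): 1, ("B", "F"): 1}

def shortest_path(links, src, dst, failed_link=None, failed_node=None):
    """Dijkstra over the post-failure topology; returns a node list or None."""
    if failed_node in (src, dst):
        return None
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for (a, b), cost in links.items():
            if u not in (a, b) or failed_link in ((a, b), (b, a)):
                continue
            v = b if u == a else a
            if v != failed_node and d + cost < dist.get(v, float("inf")):
                dist[v], prev[v] = d + cost, u
                heapq.heappush(heap, (d + cost, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def repair_decision(links, plr, endpoint, next_node, failure, nb=False, nf=False):
    """failure is ("link", (a, b)) or ("node", name). nb is True when the active
    segment was advertised with NB set or the SRH carries NB; nf is the SRH NF flag."""
    if nf:
        return ("no-frr", None)          # local protection is disabled
    kind, what = failure
    failed_link = what if kind == "link" else None
    failed_node = what if kind == "node" else None
    if nb:                               # repair path MUST lead to the endpoint
        path = shortest_path(links, plr, endpoint, failed_link, failed_node)
        return ("repair-to-endpoint", path) if path else ("drop", None)
    # NB unset (simplified TI-LFA): head for the next segment's node over the
    # post-convergence path, which may leave the endpoint out.
    path = shortest_path(links, plr, next_node, failed_link, failed_node)
    return ("repair-may-bypass", path) if path else ("drop", None)

if __name__ == "__main__":
    for nb in (False, True):
        print(nb, repair_decision(LINKS, "A", "F", "D", ("link", ("A", "F")), nb=nb))
        print(nb, repair_decision(LINKS, "A", "F", "D", ("node", "F"), nb=nb))
```

With the A-F link down, the NB-unset result leaves F out of the path while the NB-set result ends at F; with F itself down, the NB-set result is a drop.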