The Applicability of the PCE to Computing Protection and Recovery Paths for Single Domain and Multi-Domain Networks.

Network survivability remains a major concern for network operators and service providers, particularly as expanding applications such as private and Public Cloud drive increasingly more traffic across longer ranges, to a wider number of users. A variety of well-known pre-planned protection and post-fault recovery schemes have been developed for IP, MPLS and GMPLS networks. The Path Computation Element (PCE) can be used to perform complex path computation in large single domain, multi-domain and multi-layered networks. The PCE can also be used to compute a variety of restoration and protection paths and services. This document examines the applicability of the PCE architecture, protocols, and protocol extensions for computing protection paths and restoration services.

A domain can be defined as a separate administrative, geographic, or switching environment within the network. A domain may be further defined as a zone of routing or computational ability. Under these definitions a domain might be categorized as an Antonymous System (AS) or an Interior Gateway Protocol (IGP) area (as per and ), or specific switching environment. In the context of GMPLS, a particularly important example of a domain is the Automatically Switched Optical Network (ASON) subnetwork . In this case, computation of an end-to-end path requires the selection of nodes and links within a parent domain where some nodes may, in fact, be subnetworks. Furthermore, a domain might be an ASON routing area . A PCE may perform the path computation function of an ASON routing controller as described in . It is assumed that the PCE architecture should be applied to small inter-domain topologies and not to solve route computation issues across large groups of domains, I.E. the entire Internet. Most existing protocol mechanisms for network survivability have focused on single-domain scenarios. Multi-domain scenarios are much more complex and challenging as domain topology information is typically not shared outside each specific domain. Therefore multi-domain survivability is a key requirement for today's complex networks. It is important to develop more adaptive multi-domain recovery solutions for various failure scenarios.

Three signaling options are defined for setting up an inter-area or inter-AS LSP : Contiguous LSP Stitched LSP Nested LSP

Typically traffic-engineered networks such as MPLS-TE and GMPLS, use protection and recovery mechanisms based on the pre-established use of a packet or optical LSP and/or the availability of spare resources and the network topology.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying significance.

The following terminology is used in this document. Area Border Router. Router used to connect two IGP areas (Areas in OSPF or levels in IS-IS). Autonomous System Border Router. Router used to connect together ASes of the same or different service providers via one or more inter-AS links. Boundary Node (BN). A boundary node is either an ABR in the context of inter-area Traffic Engineering or an ASBR in the context of inter-AS Traffic Engineering. Confidential Path Segment. A segment of a path that contains nodes and links that the AS policy requires not to be disclosed outside the AS. Communication Service Provide. Constrained Shorted Path First Algorithm. Explicit Route Object. Fast Re-Route. Interior Gateway Protocol. Either of the two routing protocols, Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS). A TE LSP whose path transits through two or more IGP areas. A TE LSP whose path transits through two or more ASs or sub-ASs (BGP confederations). Intermediate System to Intermediate System. Label Switched Path. Label Switching Router. Merge Point. The LSR where one or more backup tunnels rejoin the path of the protected LSP downstream of the potential failure. Open Shortest Path First. Path Computation Client. Any client application requesting a path computation to be performed by a Path Computation Element. Path Computation Element. An entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. Path Key Subobject. A subobject of an Explicit Route Object or Record Route Object that encodes a CPS so as to preserve confidentiality. Point of Local Repair. The head-end LSR of a backup tunnel or a detour LSP. Record Route Object. Resource Reservation Protocol. Shared Risk Link Group. Traffic Engineering. Traffic Engineering Database, which contains the topology and resource information of the domain. The TED may be fed by Interior Gateway Protocol (IGP) extensions or potentially by other means. This document also uses the terminology defined in and .

For the purpose of this document it is assumed that the path computation is the sole responsibility of the PCE as per the architecture defined in . When a path is required the Path Computation Client (PCC) will send a request to the PCE. The PCE will apply the required constraints and compute a path and return a response to the PCC. In the context of this document it may be necessary for the PCE to co-operate with other PCEs in adjacent domains (as per BRPC ) or cooperate with the Parent PCE (as per RFC 6805). A PCE may be used to compute end-to-end paths across single or multiple domains. Multiple PCEs may be dedicated to each area to provide sufficient path computation capacity and redundancy for each domain. During path computation , a PCC request may contain backup LSP requirements in order to setup in the same time the primary and backup LSPs. This request is known as dependent path computations. A typical dependent request for a primary and backup service would request that the computation assign a set of diverse paths, so both services are disjointed from each other.

Online path computation is performed on-demand as nodes in the network determine that they need to know the paths to use for services.

Offline path computation is performed ahead of time, before the LSP setup is requested. That means that it is requested by, or performed as part of, a management application. This method of computation allows the optimal placement of services and explicit control of services. A Communication Service Provide (CSP) can plan where new protection services will be placed ahead of time. Furthermore by computing paths offline specific scenarios can be considered and a global view of network resources is available. Finally, offline path computation provides a method to compute protection paths in the event of a single, or multiple, link failures. This allows the placement of backup services in the event of catastrophic network failures.

This document describes how the PCE architecture defined in may be utilized to compute protection and recovery paths for critical network services. In the context of this document (inter-domain) it may be necessary for the PCE to co-operate with other PCEs in adjacent domains (as per BRPC ) or cooperate with the Parent PCE (as per RFC 6805).

Disjoint paths are required for end-to-end protection services. A backup service may be required to be fully disjoint from the primary service, link disjoint (allowing common nodes on the paths), or best-effort disjoint (allowing shared links or nodes when no other path can be found).

Networks constructed from multi-areas or multi-AS environments may have multiple interconnect points (multi-homing). End-to-end path computations may need to use different interconnect points to avoid single point failures disrupting primary and backup services. Domain and path diversity may also be required when computing end-to-end paths. Domain diversity should facilitate the selection of paths that share ingress and egress domains, but do not share transit domains. Therefore, there must be a method allowing the inclusion or exclusion of specific domains when computing end-to-end paths.

An end-to-end primary service carried by a primary TE LSP from a primary ingress node to a primary egress node may need to be protected against the failures in the ingress and the egress. In this case, a backup ingress and a backup egress are required, which are different from the primary ingress and the primary egress respectively. The backup ingress should be in the same domain as the primary ingress, and the backup egress should be in the same domain as the primary egress. A source of the service traffic may be sent to both the primary ingress and the backup ingress (dual-homing). The source may not be in the same domain as the primary ingress and the backup ingress. When the primary ingress fails, the service traffic is delivered through the backup ingress. A receiver of the service traffic may be connected to both the primary egress and the backup egress (dual-homing). The receiver may not be in the same domain as the primary egress and the backup egress. When the primary egress fails, the receiver gets the service traffic from the backup egress.

Network survivability is a key objective for CSPs, particularly as expanding revenue services (cloud and data center applications) are increasing exponentially. Pre-fault paths are pre-computed and protection resources are reserved a priory for rapid recovery. In the event of a network failure on the primary path, the traffic is fast switched to the backup path. These pre-provisioned mechanisms are capable of ensuring protection against single link failures. Post-fault restoration schemes are reactive and require a reactive routing procedure to set up new working paths in the event of a failure. Post fault restoration can significantly impact network services as they are typically impacted by longer restoration delays and cannot guarantee recovery of a service. However, they are much more network resource efficient and are capable of handling multi-failure situations.

A variety of pre-planned protection and post-fault restoration recovery schemes are available for single domain MPLS and GMPLS networks, these include: Path Recovery Path Segment Recovery Local Recovery (Fast Reroute)

Typically network survivability has focused on single-domain scenarios. By contrast, broader multi-domain scenarios are much more challenging as no single entity has a global view of topology information. As a result, multi-domain survivability is very important. A PCE may be used to compute end-to-end paths across multi-domain environments using a per-domain path computation technique . The so called backward recursive path computation (BRPC) mechanism defines a PCE-based path computation procedure to compute inter-domain constrained LSPs.

A PCE can be used to compute backup paths in the context of fast reroute protection of TE LSPs. In this model, all backup TE LSPs protecting a given facility are computed in a coordinated manner by a PCE. This allows complete bandwidth sharing between backup tunnels protecting independent elements, while avoiding any extensions to TE LSP signaling. Both centralized and distributed computation models are applicable. In the distributed case each LSR can be a PCE to compute the paths of backup tunnels to protect against the failure of adjacent network links or nodes.

As stated in , there are two independent methods (one-to-one backup and facility backup) of doing fast reroute (FRR). PCE can be used to compute backup path for both of the methods. Cooperating PCEs may be used to compute inter-domain backup path. In case of one to one backup method, the destination MUST be the tail-end of the protected LSP. Whereas for facility backup, destination MUST be the address of the merge point (MP) from the corresponding point of local repair (PLR). The problem of finding the MP using the interface addresses or node-ids present in Record Route Object (RRO) of protected path can be easily solved in the case of a single Interior Gateway Protocol (IGP) area because the PLR has the complete Traffic Engineering Database (TED). Thus, the PLR can unambiguously determine - The MP address regardless of RRO IPv4 or IPv6 sub-objects (interface address or LSR ID). Does a backup tunnel intersecting a protected TE LSP on MP node exist? This is the case where facility backup tunnel already exists either due to another protected TE LSP or it is pre-configured. It is complex for a PLR to find the MP in case of boundary node protection for computing a bypass path because the PLR doesn't have the full TED visibility. When confidentiality (via path key) is enabled, finding MP is very complex. This document describes the mechanism to find MP and to setup bypass tunnel to protect a boundary node.

The Merge Point (MP) address is required at the PLR in order to select a bypass tunnel intersecting a protected Traffic Engineering Label Switched Path (TE LSP) on a downstream LSR. Some implementations may choose to pre-configure a bypass tunnel on PLR with destination address as MP. MP's Domain to be traversed by bypass path can be administratively configured or learned via some other means (ex Hierarchical PCE (HPCE) RFC 6805). Path Computation Client (PCC) on PLR can request its local PCE to compute bypass path from PLR to MP, excluding links and node between PLR and MP. At PLR once primary tunnel is up, a pre-configured bypass tunnel is bound to the primary tunnel, note that multiple bypass tunnels can also exist. Most implementations may choose to create a bypass tunnel on PLR after primary tunnel is signaled with Record Route Object (RRO) being present in primary path's Resource Reservation Protocol (RSVP) Path Reserve message. MP address has to be determined (described below) to create a bypass tunnel. PCC on PLR can request its local PCE to compute bypass path from PLR to MP, excluding links and node between PLR and MP.

R2->R3->R4->R5] Bypass LSP Path: [R2->R6->R7->R8->R4] ]]> In , R2 has to build a bypass tunnel that protects against the failure of link [R2->R3] and node [R3]. R2 is PLR and R4 is MP in this case. Since, both PLR and MP belong to the same area. The problem of finding the MP using the interface addresses or node-ids can be easily solved. Thus, the PLR can unambiguously find the MP address regardless of RRO IPv4 or IPv6 sub-objects (interface address or LSR ID) and also determine whether a backup tunnel intersecting a protected TE LSP on a downstream node (MP) already exists. TED on PLR will have the information of both R2 and R4, which can be used to find MP's TE router IP address and compute optimal backup path from R2 to R4, excluding link [R2->R3] and node [R3]. Thus, RSVP-TE can signal bypass tunnel along the computed path.

R2->R3->R4->R5] Bypass LSP Path: [R2->R6->R7->R8->R4] ]]> In , cooperating PCE(s) (PCE-1 and PCE-2) have computed the primary LSP Path [R1->R2->R3->R4->R5] and provided to R1 (PCC). R2 has to build a bypass tunnel that protects against the failure of link [R2->R3] and node [R3]. R2 is PLR and R4 is MP. Both PLR and MP are in different area. TED on PLR doesn't have the information of R4. The problem of finding the MP address in a network with inter-domain TE LSP is solved by inserting a node-id sub-object in the RRO object carried in the RSVP Path Reserve message. PLR can find out the MP from the RRO it has received in Path Reserve message from its downstream LSR. But the computation of optimal backup path from R2 to R4, excluding link [R2->R3] and node [R3] is not possible with running of Constrained Shortest Path First (CSPF) algorithm locally at R2. PCE can be used to compute backup path in this case. R2 acting as PCC on PLR can request PCE-1 to compute bypass path from PLR(R2) to MP(R4), excluding link [R2->R3] and node [R3]. PCE MAY use inter-domain path computation mechanism (like HPCE (RFC 6805) etc) when the domain information of MP is unknown at PLR. Further, RSVP-TE can signal bypass tunnel along the computed path.

R2->R3->R4->R5] Bypass LSP Path: [R2->R6->R7->R8->R4] ]]> In , Links [R2->R3] and [R2->R6] are inter-AS links. IGP extensions ( and ) describe the flooding of inter-AS TE information for inter-AS path computation. Cooperating PCE(s) (PCE-1 and PCE-2) have computed the primary LSP Path [R1->R2->R3->R4->R5] and provided to R1 (PCC). R2 is PLR and R4 is MP. Both PLR and MP are in different AS. TED on PLR doesn't have the information of R4. The address of MP can be found using node-id sub-object in the RRO object carried in the RSVP Path Reserve message. And Cooperating PCEs could be used to compute the inter-AS bypass path. Thus ASBR boundary node protection is similar to ABR protection.

defines a mechanism to hide the contents of a segment of a path, called the Confidential Path Segment (CPS). The CPS may be replaced by a path-key that can be conveyed in the PCE Communication Protocol (PCEP) and signaled within in a Resource Reservation Protocol TE (RSVP-TE) explicit route object. states that, when the signaling message crosses a domain boundary, the path segment that needs to be hidden (that is, a CPS) MAY be replaced in the RRO with a PKS. Note that RRO in Resv message carries the same PKS as originally signaled in the ERO of the Path message.

In , when path-key is enabled, cooperating PCE(s) (PCE-1 and PCE-2) have computed the primary LSP Path [R1->R2->R3->PKS->R9] and provided to R1 (PCC). When the ABR node (R3) replaces the CPS with PKS (as originally signaled) during the Reserve message handling, it MAY also add the immediate downstream node-id (R4) (so that the PLR (R2) can identify the MP (R4)). Further the PLR (R2) SHOULD remove the MP node-id (R4) before sending the Reserve message upstream to head end router. Once MP is identified, the backup path computation using PCE is as described earlier. ()

The address of MP can be found using the same mechanism as explained above. Thus ASBR boundary node protection is similar to ABR protection.

A PCE utilizing the extensions outlined in (Extensions to PCEP for Point-to-Multipoint Traffic Engineering Label Switched Paths), can be used to compute point-to-multipoint (P2MP) paths. A PCC requesting path computation for a primary and backup path can request that these dependent computations use diverse paths. Furthermore, the specification also defines two new options for P2MP path dependent computation requests. The first option allows the PCC to request that the PCE should compute a secondary P2MP path tree with partial path diversity for specific leaves or a specific source-to-leaf (sub-path to the primary P2MP path tree. The second option, allows the PCC to request that partial paths should be link direction diverse.

TBD

This document does not introduce new security issues. However, MP's node-id is carried as subobject in RRO across domain. This relaxation is required to find MP in case of BN protection. The security considerations pertaining to the , and protocols remain relevant.

This document makes no requests for IANA action.

We would like to thank Daniel King, Udayashree Palle, Sandeep Boina and Reeja Paul for their useful comments and suggestions.