Network Working Group A. Atlas, Ed. Request for Comments: 5286 BT Category: Standards Track A. Zinin, Ed. Alcatel-Lucent September 2008
Network Working Group A. Atlas, Ed. Request for Comments: 5286 BT Category: Standards Track A. Zinin, Ed. Alcatel-Lucent September 2008
Basic Specification for IP Fast Reroute: Loop-Free Alternates
IP快速重路由基本规范:无环路替代
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Abstract
摘要
This document describes the use of loop-free alternates to provide local protection for unicast traffic in pure IP and MPLS/LDP networks in the event of a single failure, whether link, node, or shared risk link group (SRLG). The goal of this technology is to reduce the packet loss that happens while routers converge after a topology change due to a failure. Rapid failure repair is achieved through use of precalculated backup next-hops that are loop-free and safe to use until the distributed network convergence process completes. This simple approach does not require any support from other routers. The extent to which this goal can be met by this specification is dependent on the topology of the network.
本文档描述了在发生单一故障(无论是链路、节点还是共享风险链路组(SRLG))时,使用无环路替代方案为纯IP和MPLS/LDP网络中的单播通信提供本地保护。这项技术的目标是减少路由器在因故障而改变拓扑结构后收敛时发生的数据包丢失。快速故障修复是通过使用预先计算的备份下一跳来实现的,在分布式网络融合过程完成之前,这些备份下一跳是无环的,可以安全使用。这种简单的方法不需要其他路由器的任何支持。本规范能够满足这一目标的程度取决于网络的拓扑结构。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Failure Scenarios . . . . . . . . . . . . . . . . . . . . 5 1.2. Requirement Language . . . . . . . . . . . . . . . . . . . 8 2. Applicability of Described Mechanisms . . . . . . . . . . . . 8 3. Alternate Next-Hop Calculation . . . . . . . . . . . . . . . . 9 3.1. Basic Loop-Free Condition . . . . . . . . . . . . . . . . 10 3.2. Node-Protecting Alternate Next-Hops . . . . . . . . . . . 10 3.3. Broadcast and Non-Broadcast Multi-Access (NBMA) Links . . 11 3.4. ECMP and Alternates . . . . . . . . . . . . . . . . . . . 12 3.5. Interactions with IS-IS Overload, RFC 3137, and Costed Out Links . . . . . . . . . . . . . . . . . . . . . . . . 13 3.5.1. Interactions with IS-IS Link Attributes . . . . . . . 14 3.6. Selection Procedure . . . . . . . . . . . . . . . . . . . 14 3.7. LFA Types and Trade-Offs . . . . . . . . . . . . . . . . . 18 3.8. A Simplification: Per-Next-Hop LFAs . . . . . . . . . . . 19 4. Using an Alternate . . . . . . . . . . . . . . . . . . . . . . 20 4.1. Terminating Use of Alternate . . . . . . . . . . . . . . . 20 5. Requirements on LDP Mode . . . . . . . . . . . . . . . . . . . 22 6. Routing Aspects . . . . . . . . . . . . . . . . . . . . . . . 22 6.1. Multi-Homed Prefixes . . . . . . . . . . . . . . . . . . . 22 6.2. IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3.1. OSPF External Routing . . . . . . . . . . . . . . . . 24 6.3.2. OSPF Multi-Topology . . . . . . . . . . . . . . . . . 25 6.4. BGP Next-Hop Synchronization . . . . . . . . . . . . . . . 25 6.5. Multicast Considerations . . . . . . . . . . . . . . . . . 25 7. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 9.2. Informative References . . . . . . . . . . . . . . . . . . 26 Appendix A. OSPF Example Where LFA Based on Local Area Topology Is Insufficient . . . . . . . . . . . . . . 27
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Failure Scenarios . . . . . . . . . . . . . . . . . . . . 5 1.2. Requirement Language . . . . . . . . . . . . . . . . . . . 8 2. Applicability of Described Mechanisms . . . . . . . . . . . . 8 3. Alternate Next-Hop Calculation . . . . . . . . . . . . . . . . 9 3.1. Basic Loop-Free Condition . . . . . . . . . . . . . . . . 10 3.2. Node-Protecting Alternate Next-Hops . . . . . . . . . . . 10 3.3. Broadcast and Non-Broadcast Multi-Access (NBMA) Links . . 11 3.4. ECMP and Alternates . . . . . . . . . . . . . . . . . . . 12 3.5. Interactions with IS-IS Overload, RFC 3137, and Costed Out Links . . . . . . . . . . . . . . . . . . . . . . . . 13 3.5.1. Interactions with IS-IS Link Attributes . . . . . . . 14 3.6. Selection Procedure . . . . . . . . . . . . . . . . . . . 14 3.7. LFA Types and Trade-Offs . . . . . . . . . . . . . . . . . 18 3.8. A Simplification: Per-Next-Hop LFAs . . . . . . . . . . . 19 4. Using an Alternate . . . . . . . . . . . . . . . . . . . . . . 20 4.1. Terminating Use of Alternate . . . . . . . . . . . . . . . 20 5. Requirements on LDP Mode . . . . . . . . . . . . . . . . . . . 22 6. Routing Aspects . . . . . . . . . . . . . . . . . . . . . . . 22 6.1. Multi-Homed Prefixes . . . . . . . . . . . . . . . . . . . 22 6.2. IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3.1. OSPF External Routing . . . . . . . . . . . . . . . . 24 6.3.2. OSPF Multi-Topology . . . . . . . . . . . . . . . . . 25 6.4. BGP Next-Hop Synchronization . . . . . . . . . . . . . . . 25 6.5. Multicast Considerations . . . . . . . . . . . . . . . . . 25 7. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 9.2. Informative References . . . . . . . . . . . . . . . . . . 26 Appendix A. OSPF Example Where LFA Based on Local Area Topology Is Insufficient . . . . . . . . . . . . . . 27
Applications for interactive multimedia services such as Voice over IP (VoIP) and pseudowires can be very sensitive to traffic loss, such as occurs when a link or router in the network fails. A router's convergence time is generally on the order of hundreds of milliseconds; the application traffic may be sensitive to losses greater than tens of milliseconds.
IP语音(VoIP)和伪线等交互式多媒体服务的应用程序对流量丢失非常敏感,例如当网络中的链路或路由器发生故障时。路由器的收敛时间通常在数百毫秒左右;应用程序流量可能对大于数十毫秒的损失敏感。
As discussed in [FRAMEWORK], minimizing traffic loss requires a mechanism for the router adjacent to a failure to rapidly invoke a repair path, which is minimally affected by any subsequent re-convergence. This specification describes such a mechanism that allows a router whose local link has failed to forward traffic to a pre-computed alternate until the router installs the new primary next-hops based upon the changed network topology. The terminology used in this specification is given in [FRAMEWORK]. The described mechanism assumes that routing in the network is performed using a link-state routing protocol -- OSPF [RFC2328] [RFC2740] [RFC5340] or IS-IS [RFC1195] [RFC2966] (for IPv4 or IPv6). The mechanism also assumes that both the primary path and the alternate path are in the same routing area.
正如[框架]中所讨论的,最小化流量损失需要一种机制,使故障附近的路由器能够快速调用修复路径,而修复路径受任何后续重新收敛的影响最小。本规范描述了这样一种机制,该机制允许其本地链路无法将流量转发到预先计算的备用路由,直到路由器基于更改的网络拓扑安装新的主下一跳。本规范中使用的术语见[框架]。所述机制假设使用链路状态路由协议——OSPF[RFC2328][RFC2740][RFC5340]或is-is[RFC1195][RFC2966](用于IPv4或IPv6)执行网络中的路由。该机制还假设主路径和备用路径都位于同一路由区域中。
When a local link fails, a router currently must signal the event to its neighbors via the IGP, recompute new primary next-hops for all affected prefixes, and only then install those new primary next-hops into the forwarding plane. Until the new primary next-hops are installed, traffic directed towards the affected prefixes is discarded. This process can take hundreds of milliseconds.
当本地链路发生故障时,路由器当前必须通过IGP向其邻居发送事件信号,为所有受影响的前缀重新计算新的主下一跳,然后才将这些新的主下一跳安装到转发平面中。在安装新的主下一跳之前,指向受影响前缀的流量将被丢弃。此过程可能需要数百毫秒。
<-- +-----+ /------| S |--\ / +-----+ \ / 5 8 \ / \ +-----+ +-----+ | E | | N_1 | +-----+ +-----+ \ / \ \ 4 3 / / \| \ / |/ -+ \ +-----+ / +- \---| D |---/ +-----+
<-- +-----+ /------| S |--\ / +-----+ \ / 5 8 \ / \ +-----+ +-----+ | E | | N_1 | +-----+ +-----+ \ / \ \ 4 3 / / \| \ / |/ -+ \ +-----+ / +- \---| D |---/ +-----+
Figure 1: Basic Topology
图1:基本拓扑
The goal of IP Fast Reroute (IPFRR) is to reduce failure reaction time to 10s of milliseconds by using a pre-computed alternate next-hop, in the event that the currently selected primary next-hop fails, so that the alternate can be rapidly used when the failure is detected. A network with this feature experiences less traffic loss and less micro-looping of packets than a network without IPFRR. There are cases where traffic loss is still a possibility since IPFRR coverage varies, but in the worst possible situation a network with IPFRR is equivalent with respect to traffic convergence to a network without IPFRR.
IP快速重路由(IPFRR)的目标是在当前选定的主下一跳失败的情况下,通过使用预先计算的备用下一跳,将故障反应时间减少到10毫秒,以便在检测到故障时可以快速使用备用下一跳。与没有IPFRR的网络相比,具有此功能的网络经历更少的流量损失和更少的数据包微循环。在某些情况下,由于IPFRR覆盖范围不同,仍有可能出现流量损失,但在最坏的情况下,具有IPFRR的网络在流量聚合方面与没有IPFRR的网络相当。
To clarify the behavior of IP Fast Reroute, consider the simple topology in Figure 1. When router S computes its shortest path to router D, router S determines to use the link to router E as its primary next-hop. Without IP Fast Reroute, that link is the only next-hop that router S computes to reach D. With IP Fast Reroute, S also looks for an alternate next-hop to use. In this example, S would determine that it could send traffic destined to D by using the link to router N_1 and therefore S would install the link to N_1 as its alternate next-hop. At some later time, the link between router S and router E could fail. When that link fails, S and E will be the first to detect it. On detecting the failure, S will stop sending traffic destined for D towards E via the failed link, and instead send the traffic to S's pre-computed alternate next-hop, which is the link to N_1, until a new SPF is run and its results are installed. As with the primary next-hop, an alternate next-hop is computed for each destination. The process of computing an alternate next-hop does not alter the primary next-hop computed via a standard SPF.
为了阐明IP快速重路由的行为,考虑图1中的简单拓扑结构。当路由器S计算其到路由器D的最短路径时,路由器S决定使用到路由器E的链路作为其主要下一跳。没有IP快速重路由,该链路是路由器S计算到达D的唯一下一跳。有了IP快速重路由,S还寻找备用下一跳使用。在这个例子中,S将确定它可以通过使用到路由器N_1的链路来发送目的地为D的通信量,因此S将安装到N_1的链路作为其备用下一跳。稍后,路由器S和路由器E之间的链路可能会失败。当该链路发生故障时,S和E将首先检测到它。在检测到故障时,S将停止通过故障链路向E发送目的地为D的通信量,而是将通信量发送到S预先计算的备用下一跳,即到N_1的链路,直到运行新的SPF并安装其结果为止。与主下一跳一样,为每个目的地计算备用下一跳。计算备用下一跳的过程不会改变通过标准SPF计算的主下一跳。
If in the example of Figure 1, the link cost from N_1 to D increased to 30 from 3, then N_1 would not be a loop-free alternate, because the cost of the path from N_1 to D via S would be 17 while the cost from N_1 directly to D would be 30. In real networks, we may often face this situation. The existence of a suitable loop-free alternate next-hop is dependent on the topology and the nature of the failure for which the alternate is calculated.
如果在图1的示例中,从N_1到D的链路成本从3增加到30,那么N_1将不是一个无循环的备选方案,因为从N_1到D经由S的路径的成本将是17,而从N_1直接到D的成本将是30。在真实的网络中,我们经常会遇到这种情况。下一跳是否存在合适的无环备选方案取决于计算备选方案的拓扑和故障性质。
This specification uses the terminology introduced in [FRAMEWORK]. In particular, it uses Distance_opt(X,Y), abbreviated to D_opt(X,Y), to indicate the shortest distance from X to Y. S is used to indicate the calculating router. N_i is a neighbor of S; N is used as an abbreviation when only one neighbor is being discussed. D is the destination under consideration.
本规范使用[框架]中介绍的术语。特别是,它使用距离_opt(X,Y),缩写为D_opt(X,Y),表示从X到Y的最短距离。S用于表示正在计算的路由器。努伊是S的邻居;当只讨论一个邻居时,N用作缩写。D是正在考虑的目的地。
A neighbor N can provide a loop-free alternate (LFA) if and only if
当且仅当
Distance_opt(N, D) < Distance_opt(N, S) + Distance_opt(S, D)
Distance_opt(N, D) < Distance_opt(N, S) + Distance_opt(S, D)
Inequality 1: Loop-Free Criterion
不等式1:无环判据
A subset of loop-free alternates are downstream paths that must meet a more restrictive condition that is applicable to more complex failure scenarios:
无回路备选方案的子集是下游路径,必须满足适用于更复杂故障场景的更严格条件:
Distance_opt(N, D) < Distance_opt(S, D)
Distance_opt(N, D) < Distance_opt(S, D)
Inequality 2: Downstream Path Criterion
不等式2:下游路径准则
The alternate next-hop can protect against a single link failure, a single node failure, failure of one or more links within a shared risk link group, or a combination of these. Whenever a failure occurs that is more extensive than what the alternate was intended to protect, there is the possibility of temporarily looping traffic (note again, that such a loop would only last until the next complete SPF calculation). The example where a node fails when the alternate provided only link protection is illustrated below. If unexpected simultaneous failures occur, then micro-looping may occur since the alternates are not pre-computed to avoid the set of failed links.
备用下一跳可以防止单个链路故障、单个节点故障、共享风险链路组内的一个或多个链路故障或这些故障的组合。无论何时发生的故障范围超过备用设备的预期保护范围,都有可能临时循环流量(再次注意,这种循环只会持续到下一次完整的SPF计算)。下面举例说明了当备用链路仅提供链路保护时节点发生故障的示例。如果发生意外的同时故障,则可能发生微循环,因为没有预先计算备选方案以避免故障链路集。
If only link protection is provided and the node fails, it is possible for traffic using the alternates to experience micro-looping. This issue is illustrated in Figure 2. If Link(S->E) fails, then the link-protecting alternate via N will work correctly. However, if router E fails, then both S and N will detect a failure and switch to their alternates. In this example, that would cause S to redirect the traffic to N and N to redirect the traffic to S and thus causing a forwarding loop. Such a scenario can arise because the key assumption, that all other routers in the network are forwarding based upon the shortest path, is violated because of a second simultaneous correlated failure -- another link connected to the same primary neighbor. If there are not other protection mechanisms to handle node failure, a node failure is still a concern when only using link-protecting LFAs.
如果只提供了链路保护,而节点出现故障,则使用备用节点的流量可能会经历微循环。这个问题如图2所示。如果链路(S->E)出现故障,则通过N保护备用链路的链路将正常工作。然而,如果路由器E出现故障,则S和N都将检测到故障并切换到它们的备用路由器。在本例中,这将导致S将流量重定向到N,N将流量重定向到S,从而导致转发循环。出现这种情况的原因是,由于第二个同时发生的相关故障,即连接到同一主邻居的另一条链路,违反了关键假设,即网络中所有其他路由器都基于最短路径进行转发。如果没有其他保护机制来处理节点故障,那么当仅使用链路保护LFA时,节点故障仍然是一个问题。
<@@@ @@@> +-----+ +-----+ | S |-------| N | +-+---+ 5 +-----+ | | | 5 4 | | | | | \|/ \|/ | | | +-----+ | +----| E |---+ +--+--+ | | | 10 | +--+--+ | D | +-----+
<@@@ @@@> +-----+ +-----+ | S |-------| N | +-+---+ 5 +-----+ | | | 5 4 | | | | | \|/ \|/ | | | +-----+ | +----| E |---+ +--+--+ | | | 10 | +--+--+ | D | +-----+
Figure 2: Link-Protecting Alternates Causing Loop on Node Failure
图2:导致节点上环路故障的链路保护交替
Micro-looping of traffic via the alternates caused when a more extensive failure than planned for occurs can be prevented via selection of only downstream paths as alternates. A micro-loop due to the use of alternates can be avoided by using downstream paths because each succeeding router in the path to the destination must be closer to the destination than its predecessor (according to the topology prior to the failures). Although use of downstream paths ensures that the micro-looping via alternates does not occur, such a restriction can severely limit the coverage of alternates. In Figure 2, S would be able to use N as a downstream alternate, but N could not use S; therefore, N would have no alternate and would discard the traffic, thus avoiding the micro-loop.
当发生比计划范围更大的故障时,可通过仅选择下游路径作为备用路径来防止通过备用路径产生的流量微循环。使用下游路径可以避免由于使用备用路径而产生的微循环,因为到达目的地的路径中的每个后续路由器必须比其前一个路由器更靠近目的地(根据故障之前的拓扑)。尽管下游路径的使用确保了通过替代品的微循环不会发生,但这种限制会严重限制替代品的覆盖范围。在图2中,S可以使用N作为下游替代品,但N不能使用S;因此,N将没有备用,并将丢弃通信量,从而避免微循环。
As shown above, the use of either a node-protecting LFA (described in Section 3.2) or a downstream path provides protection against micro-looping in the event of node failure. There are topologies where there may be either a node-protecting LFA, a downstream path, both, or neither. A node may select either a node-protecting LFA or a downstream path without risk of causing micro-loops in the event of neighbor node failure. While a link-and-node-protecting LFA guarantees protection against either link or node failure, a downstream path provides protection only against a link failure and may or may not provide protection against a node failure depending on the protection available at the downstream node, but it cannot cause a micro-loop. For example, in Figure 2, if S uses N as a downstream path, although no looping can occur, the traffic will not be
如上所示,使用节点保护LFA(如第3.2节所述)或下游路径可在节点发生故障时提供防止微环的保护。存在这样的拓扑,其中可能存在保护LFA的节点、下游路径,两者都有,或者两者都没有。节点可以选择保护LFA的节点或下游路径,而不存在在邻居节点故障的情况下导致微环的风险。虽然保护LFA的链路和节点保证针对链路或节点故障的保护,但下游路径仅针对链路故障提供保护,并且可能或可能不针对节点故障提供保护,这取决于下游节点处可用的保护,但它不能导致微环。例如,在图2中,如果S使用N作为下游路径,尽管不可能发生循环,但流量将不会增加
protected in the event of the failure of node E because N has no viable repair path, and it will simply discard the packet. However, if N had a link-and-node-protecting LFA or downstream path via some other path (not shown), then the repair may succeed.
在节点E发生故障时受到保护,因为N没有可行的修复路径,它将简单地丢弃数据包。然而,如果N具有通过某个其他路径(未显示)保护LFA或下游路径的链路和节点,则修复可能成功。
Since the functionality of link-and-node-protecting LFAs is greater than that of link-protecting downstream paths, a router SHOULD select a link-and-node-protecting LFA over a link-protecting downstream path. If there are any destinations for which a link-and-node-protecting LFA is not available, then by definition the path to all of those destinations from any neighbor of the computing router (S) must be through the node (E) being protected (otherwise there would be a node protecting LFA for that destination). Consequently, if there exists a downstream path to the protected node as destination, then that downstream path may be used for all those destinations for which a link-and-node-protecting LFA is not available; the existence of a downstream path can be determined by a single check of the condition Distance_opt(N, E) < Distance_opt(S, E).
由于链路和节点保护LFA的功能大于链路保护下游路径的功能,路由器应选择链路和节点保护LFA而不是链路保护下游路径。如果有任何目的地的链路和节点保护LFA不可用,则根据定义,从计算路由器的任何邻居到所有这些目的地的路径必须通过被保护的节点(E)(否则将有一个节点保护该目的地的LFA)。因此,如果存在到作为目的地的受保护节点的下游路径,则该下游路径可用于链路和节点保护LFA不可用的所有那些目的地;下游路径的存在可以通过对条件距离_opt(N,E)<距离_opt(S,E)的单个检查来确定。
It may be desirable to find an alternate that can protect against other correlated failures (of which node failure is a specific instance). In the general case, these are handled by shared risk link groups (SRLGs) where any links in the network can belong to the SRLG. General SRLGs may add unacceptably to the computational complexity of finding a loop-free alternate.
可能需要找到一个替代方案,以防止其他相关故障(其中节点故障是一个特定实例)。在一般情况下,这些由共享风险链接组(SRLG)处理,其中网络中的任何链接都可以属于SRLG。一般的SRLGs可能会增加查找无循环替代的计算复杂性,这是不可接受的。
However, a sub-category of SRLGs is of interest and can be applied only during the selection of an acceptable alternate. This sub-category is to express correlated failures of links that are connected to the same router, for example, if there are multiple logical sub-interfaces on the same physical interface, such as VLANs on an Ethernet interface, if multiple interfaces use the same physical port because of channelization, or if multiple interfaces share a correlated failure because they are on the same line-card. This sub-category of SRLGs will be referred to as local-SRLGs. A local-SRLG has all of its member links with one end connected to the same router. Thus, router S could select a loop-free alternate that does not use a link in the same local-SRLG as the primary next-hop. The failure of local-SRLGs belonging to E can be protected against via node protection, i.e., picking a loop-free node-protecting alternate.
然而,SRLGs的一个子类是值得关注的,并且只能在选择可接受的备选方案期间应用。此子类别表示连接到同一路由器的链路的相关故障,例如,如果同一物理接口上有多个逻辑子接口,例如以太网接口上的VLAN,如果多个接口由于信道化而使用同一物理端口,或者如果多个接口共享相关故障,因为它们位于同一线路卡上。该子类别的SRLGs将被称为本地SRLGs。本地SRLG的所有成员链路的一端连接到同一路由器。因此,路由器S可以选择不使用与主下一跳相同的本地SRLG中的链路的无环路备用。属于E的本地SRLGs的故障可以通过节点保护进行保护,即选择一个无环节点保护备用节点。
Where SRLG protection is provided, it is in the context of the particular OSPF or IS-IS area, whose topology is used in the SPF computations to compute the loop-free alternates. If an SRLG contains links in multiple areas, then separate SRLG-protecting alternates would be required in each area that is traversed by the affected traffic.
如果提供SRLG保护,则在特定OSPF或is-is区域的上下文中,其拓扑用于SPF计算,以计算无回路备用。如果一个SRLG在多个区域中包含链路,则受影响的流量所经过的每个区域都需要单独的SRLG保护备选方案。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
IP Fast Reroute mechanisms described in this memo cover intra-domain routing only, with OSPF [RFC2328] [RFC2740] [RFC5340] or IS-IS [RFC1195] [RFC2966] as the IGP. Specifically, Fast Reroute for BGP inter-domain routing is not part of this specification.
本备忘录中描述的IP快速重路由机制仅包括域内路由,其中OSPF[RFC2328][RFC2740][RFC5340]或IS-IS[RFC1195][RFC2966]作为IGP。具体而言,BGP域间路由的快速重路由不属于本规范的一部分。
Certain aspects of OSPF inter-area routing behavior explained in Section 6.3 and Appendix A impact the ability of the router calculating the backup next-hops to assess traffic trajectories. In order to avoid micro-looping and ensure required coverage, certain constraints are applied to multi-area OSPF networks:
第6.3节和附录A中解释的OSPF区域间路由行为的某些方面会影响路由器计算备份下一跳以评估流量轨迹的能力。为了避免微环并确保所需的覆盖范围,对多区域OSPF网络应用了某些约束:
a. Loop-free alternates should not be used in the backbone area if there are any virtual links configured unless, for each transit area, there is a full mesh of virtual links between all Area Border Routers (ABRs) in that area. Loop-free alternates may be used in non-backbone areas regardless of whether there are virtual links configured.
a. 如果主干区域中配置了任何虚拟链路,则不应使用无环备用,除非对于每个传输区域,该区域中的所有区域边界路由器(ABR)之间存在完整的虚拟链路网格。无论是否配置了虚拟链路,都可以在非主干区域中使用无环路替代方案。
b. Loop-free alternates should not be used for inter-area routes in an area that contains more than one alternate ABR [RFC3509].
b. 对于包含多个备用ABR的区域内的区域间路由,不应使用无环路备用ABR[RFC3509]。
c. Loop-free alternates should not be used for AS External routes or Autonomous System Border Router (ASBR) routes in a non-backbone area of a network where there exists an ABR that is announced as an ASBR in multiple non-backbone areas and there exists another ABR that is in at least two of the same non-backbone areas.
c. 如果在多个非主干区域中存在一个被宣布为ASBR的ABR,并且在至少两个相同的非主干区域中存在另一个ABR,则无环路备用线路不应用作网络非主干区域中的外部路由或自治系统边界路由器(ASBR)路由。
d. Loop-free alternates should not be used in a non-backbone area of a network for AS External routes where an AS External prefix is advertised with the same type of external metric by multiple ASBRs, which are in different non-backbone areas, with a forwarding address of 0.0.0.0 or by one or more ASBRs with forwarding addresses in multiple non-backbone areas when an ABR exists simultaneously in two or more of those non-backbone areas.
d. 对于AS外部路由,不应在网络的非主干区域中使用无环路替代方案,其中AS外部前缀由位于不同非主干区域的多个ASBR以相同类型的外部度量进行广告,转发地址为0.0.0.0或由一个或多个ASBR发送,当ABR同时存在于两个或多个非主干区域时,转发地址位于多个非主干区域。
In addition to the set of primary next-hops obtained through a shortest path tree (SPT) computation that is part of standard link-state routing functionality, routers supporting IP Fast Reroute also calculate a set of backup next-hops that are engaged when a local failure occurs. These backup next-hops are calculated to provide the required type of protection (i.e., link-protecting and/or node-protecting) and to guarantee that when the expected failure occurs, forwarding traffic through them will not result in a loop. Such next-hops are called loop-free alternates or LFAs throughout this specification.
除了通过作为标准链路状态路由功能一部分的最短路径树(SPT)计算获得的一组主要下一跳外,支持IP快速重路由的路由器还计算一组在发生本地故障时启用的备份下一跳。计算这些备份下一个跃点是为了提供所需类型的保护(即链路保护和/或节点保护),并确保在发生预期故障时,通过它们转发的流量不会导致环路。在本规范中,这种下一跳称为无环交替或LFA。
In general, to be able to calculate the set of LFAs for a specific destination D, a router needs to know the following basic pieces of information:
通常,为了能够计算特定目的地D的LFA集,路由器需要知道以下基本信息:
o Shortest-path distance from the calculating router to the destination (Distance_opt(S, D))
o 从计算路由器到目的地的最短路径距离(距离_opt(S,D))
o Shortest-path distance from the router's IGP neighbors to the destination (Distance_opt(N, D))
o 从路由器的IGP邻居到目的地的最短路径距离(距离_opt(N,D))
o Shortest path distance from the router's IGP neighbors to itself (Distance_opt(N, S))
o 从路由器的IGP邻居到自身的最短路径距离(距离_opt(N,s))
o Distance_opt(S, D) is normally available from the regular SPF calculation performed by the link-state routing protocols. Distance_opt(N, D) and Distance_opt(N, S) can be obtained by performing additional SPF calculations from the perspective of each IGP neighbor (i.e., considering the neighbor's vertex as the root of the SPT--called SPT(N) hereafter--rather than the calculating router's one, called SPT(S)).
o 距离_opt(S,D)通常可从链路状态路由协议执行的常规SPF计算中获得。距离_opt(N,D)和距离_opt(N,S)可以通过从每个IGP邻居的角度执行额外的SPF计算来获得(即,将邻居的顶点视为SPT的根,下文称为SPT(N),而不是计算路由器的顶点,称为SPT(S))。
This specification defines a form of SRLG protection limited to those SRLGs that include a link to which the calculating router is directly connected. Only that set of SRLGs could cause a local failure; the calculating router only computes alternates to handle a local failure. Information about local link SRLG membership is manually configured. Information about remote link SRLG membership may be dynamically obtained using [RFC4205] or [RFC4203]. Define SRLG_local(S) to be the set of SRLGs that include a link to which the calculating router S is directly connected Only SRLG_local(S) is of interest during the calculation, but the calculating router must correctly handle changes to SRLG_local(S) triggered by local link SRLG membership changes.
本规范定义了一种SRLG保护形式,仅限于包括计算路由器直接连接的链路的SRLG。只有该组SRLGs可能导致局部故障;计算路由器仅计算备选方案以处理本地故障。有关本地链接SRLG成员资格的信息是手动配置的。可使用[RFC4205]或[RFC4203]动态获取有关远程链路SRLG成员资格的信息。将SRLG_本地定义为一组SRLGs,其中包括计算路由器直接连接到的链路。在计算过程中,只有SRLG_本地感兴趣,但计算路由器必须正确处理由本地链路SRLG成员身份更改触发的对SRLG_本地的更改。
In order to choose among all available LFAs that provide required SRLG protection for a given destination, the calculating router needs to track the set of SRLGs in SRLG_local(S) that the path through a specific IGP neighbor involves. To do so, each node D in the network topology is associated with SRLG_set(N, D), which is the set of SRLGs that would be crossed if traffic to D was forwarded through N. To calculate this set, the router initializes SRLG_set(N, N) for each of its IGP neighbors to be empty. During the SPT(N) calculation, when a new vertex V is added to the SPT, its SRLG_set(N, V) is set to the union of SRLG sets associated with its parents, and the SRLG sets in SRLG_local(S) that are associated with the links from V's parents to V. The union of the set of SRLGs associated with a candidate alternate next-hop and the SRLG_set(N, D) for the neighbor reached via that candidate next-hop is used to determine SRLG protection.
为了在为给定目的地提供所需SRLG保护的所有可用lfa中进行选择,计算路由器需要跟踪通过特定IGP邻居的路径所涉及的SRLG_本地中的SRLG集。为此,网络拓扑中的每个节点D都与SRLG_集(N,D)相关联,SRLG_集(N,D)是通过N转发到D的流量时将被交叉的SRLG集。为了计算该集,路由器将其每个IGP邻居的SRLG_集(N,N)初始化为空。在SPT(N)计算期间,当向SPT添加新顶点V时,其SRLG_集(N,V)被设置为与其父节点关联的SRLG集的并集,以及与从V的父节点到V的链接关联的SRLG_本地节点中的SRLG集的并集。与候选备选下一跳节点关联的SRLG集和SRLG_集(N,D)的并集对于通过该候选到达的邻居,下一跳用于确定SRLG保护。
The following sections provide information required for calculation of LFAs. Sections 3.1 through 3.4 define different types of LFA conditions. Section 3.5 describes constraints imposed by the IS-IS overload and OSPF stub router functionality. Section 3.6 defines the summarized algorithm for LFA calculation using the definitions in the previous sections.
以下章节提供了计算LFA所需的信息。第3.1节至第3.4节定义了不同类型的LFA条件。第3.5节描述了IS-IS过载和OSPF存根路由器功能施加的约束。第3.6节使用前几节中的定义定义了LFA计算的汇总算法。
Alternate next hops used by implementations following this specification MUST conform to at least the loop-freeness condition stated above in Inequality 1. This condition guarantees that forwarding traffic to an LFA will not result in a loop after a link failure.
遵循本规范的实现所使用的备用下一跳必须至少符合等式1中所述的无循环条件。此条件保证将流量转发到LFA不会在链路故障后导致循环。
Further conditions may be applied when determining link-protecting and/or node-protecting alternate next-hops as described in Sections 3.2 and 3.3.
如第3.2节和第3.3节所述,在确定链路保护和/或节点保护备用下一跳时,可应用其他条件。
For an alternate next-hop N to protect against node failure of a primary neighbor E for destination D, N must be loop-free with respect to both E and D. In other words, N's path to D must not go through E. This is the case if Inequality 3 is true, where N is the neighbor providing a loop-free alternate.
对于备用下一跳N,为了防止目的地D的主邻居E的节点故障,N必须相对于E和D是无环的。换句话说,N到D的路径不能经过E。如果不等式3为真,则情况就是这样,其中N是提供无环备用的邻居。
Distance_opt(N, D) < Distance_opt(N, E) + Distance_opt(E, D)
Distance_opt(N, D) < Distance_opt(N, E) + Distance_opt(E, D)
Inequality 3: Criteria for a Node-Protecting Loop-Free Alternate
不等式3:节点保护无环替换的标准
If Distance_opt(N,D) = Distance_opt(N, E) + Distance_opt(E, D), it is possible that N has equal-cost paths and one of those could provide protection against E's node failure. However, it is equally possible that one of N's paths goes through E, and the calculating router has no way to influence N's decision to use it. Therefore, it SHOULD be assumed that an alternate next-hop does not offer node protection if Inequality 3 is not met.
如果Distance_opt(N,D)=Distance_opt(N,E)+Distance_opt(E,D),则N可能具有相同的代价路径,其中一个路径可以针对E的节点故障提供保护。然而,同样可能的是,N的路径中的一条通过E,并且计算路由器没有办法影响N使用它的决定。因此,如果不满足不等式3,则应假设备用下一跳不提供节点保护。
Verification of the link-protection property of a next-hop in the case of a broadcast link is more elaborate than for a point-to-point link. This is because a broadcast link is represented as a pseudo-node with zero-cost links connecting it to other nodes.
在广播链路的情况下,下一跳链路保护属性的验证比点对点链路的验证更为复杂。这是因为广播链路被表示为伪节点,其零成本链路将广播链路连接到其他节点。
Because failure of an interface attached to a broadcast segment may mean loss of connectivity of the whole segment, the condition described for broadcast link protection is pessimistic and requires that the alternate is loop-free with regard to the pseudo-node. Consider the example in Figure 3.
由于连接到广播段的接口的故障可能意味着整个段的连接丢失,因此为广播链路保护描述的条件是悲观的,并且要求备用链路对于伪节点是无环的。考虑图3中的示例。
+-----+ 15 | S |-------- +-----+ | | 5 | | | | 0 | /----\ 0 5 +-----+ | PN |-----| N | \----/ +-----+ | 0 | | | 8 | 5 | +-----+ 5 +-----+ | E |----| D | +-----+ +-----+
+-----+ 15 | S |-------- +-----+ | | 5 | | | | 0 | /----\ 0 5 +-----+ | PN |-----| N | \----/ +-----+ | 0 | | | 8 | 5 | +-----+ 5 +-----+ | E |----| D | +-----+ +-----+
Figure 3: Loop-Free Alternate That Is Link-Protecting
图3:链路保护的无环替代方案
In Figure 3, N offers a loop-free alternate that is link-protecting. If the primary next-hop uses a broadcast link, then an alternate SHOULD be loop-free with respect to that link's pseudo-node (PN) to provide link protection. This requirement is described in Inequality 4 below.
在图3中,N提供了一个无循环的替代方案,即链路保护。如果主下一跳使用广播链路,则备用链路应与该链路的伪节点(PN)无环路,以提供链路保护。这一要求在下面的等式4中描述。
D_opt(N, D) < D_opt(N, PN) + D_opt(PN, D)
D_opt(N, D) < D_opt(N, PN) + D_opt(PN, D)
Inequality 4: Loop-Free Link-Protecting Criterion for Broadcast Links
不等式4:广播链路的无环链路保护准则
Because the shortest path from the pseudo-node goes through E, if a loop-free alternate from a neighbor N is node-protecting, the alternate will also be link-protecting unless the router S can only reach the alternate neighbor N via the same pseudo-node. Since this is the only case for which a node-protecting LFA is not link-protecting, this implies that for point-to-point interfaces, an LFA that is node-protecting is always link-protecting. Because S can direct the traffic away from the shortest path to use the alternate N, traffic might pass through the same broadcast link as it would when S sent the traffic to the primary E. Thus, an LFA from N that is node-protecting is not automatically link-protecting for a broadcast or NBMA link.
因为来自伪节点的最短路径经过E,如果来自邻居N的无环路备用节点是节点保护的,则备用节点也将是链路保护的,除非路由器S只能通过相同的伪节点到达备用邻居N。由于这是保护LFA的节点不进行链路保护的唯一情况,这意味着对于点到点接口,保护节点的LFA始终进行链路保护。由于S可以将通信量从最短路径引开,以使用备用N,因此通信量可能会通过与S将通信量发送到主E时相同的广播链路。因此,来自N的节点保护LFA不会自动对广播或NBMA链路进行链路保护。
To obtain link protection, it is necessary both that the path from the selected alternate next-hop does not traverse the link of interest and that the link used from S to reach that alternate next-hop is not the link of interest. The latter can only occur with non-point-to-point links. Therefore, if the primary next-hop is across a broadcast or NBMA interface, it is necessary to consider link protection during the alternate selection. To clarify, consider the topology in Figure 3. For N to provide link protection, it is first necessary that N's shortest path to D does not traverse the pseudo-node PN. Second, it is necessary that the alternate next-hop selected by S does not traverse PN. In this example, S's shortest path to N is via the pseudo-node. Thus, to obtain link protection, S must find a next-hop to N (the point-to-point link from S to N in this example) that avoids the pseudo-node PN.
为了获得链路保护,必须确保来自所选备用下一跳的路径不穿过感兴趣的链路,并且从S到达该备用下一跳所使用的链路不是感兴趣的链路。后者只能发生在非点对点链接中。因此,如果主下一跳跨越广播或NBMA接口,则在交替选择期间必须考虑链路保护。为了澄清,请考虑图3中的拓扑结构。为使N提供链路保护,首先需要N到D的最短路径不穿过伪节点PN。其次,S选择的备用下一跳必须不穿过PN。在本例中,S到N的最短路径是通过伪节点。因此,为了获得链路保护,S必须找到下一跳到N(在本例中是从S到N的点对点链路),以避免伪节点PN。
Similar consideration of the link from S to the selected alternate next-hop as well as the path from the selected alternate next-hop is also necessary for SRLG protection. S's shortest path to the selected neighbor N may not be acceptable as an alternate next-hop to provide SRLG protection, even if the path from N to D can provide SRLG protection.
对于SRLG保护,同样需要考虑从S到所选备用下一跳的链路以及从所选备用下一跳的路径。S到所选邻居N的最短路径可能不可接受作为提供SRLG保护的备选下一跳,即使从N到D的路径可以提供SRLG保护。
With Equal-Cost Multi-Path (ECMP), a prefix may have multiple primary next-hops that are used to forward traffic. When a particular primary next-hop fails, alternate next-hops should be used to preserve the traffic. These alternate next-hops may themselves also be primary next-hops, but need not be. Other primary next-hops are not guaranteed to provide protection against the failure scenarios of concern.
对于等成本多路径(ECMP),前缀可能有多个用于转发流量的主下一跳。当特定的主下一跳失败时,应使用备用下一跳来保持通信量。这些备用下一跳本身也可以是主下一跳,但不必是。其他主要下一跳不保证针对所关注的故障场景提供保护。
20 L1 L3 3 [ N ]----[ S ]--------[ E3 ] | | | | 5 | L2 | 20 | | | | --------- | 2 | 5 | | 5 | | [ E1 ] [ E2 ]-----| | | | | 10 | 10 | |---[ A ] [ B ] | | 2 |--[ D ]-| 2
20 L1 L3 3 [ N ]----[ S ]--------[ E3 ] | | | | 5 | L2 | 20 | | | | --------- | 2 | 5 | | 5 | | [ E1 ] [ E2 ]-----| | | | | 10 | 10 | |---[ A ] [ B ] | | 2 |--[ D ]-| 2
Figure 4: ECMP Where Primary Next-Hops Provide Limited Protection
图4:ECMP,其中主下一跳提供有限的保护
In Figure 4 S has three primary next-hops to reach D; these are L2 to E1, L2 to E2, and L3 to E3. The primary next-hop L2 to E1 can obtain link and node protection from L3 to E3, which is one of the other primary next-hops; L2 to E1 cannot obtain link protection from the other primary next-hop L2 to E2. Similarly, the primary next-hop L2 to E2 can only get node protection from L2 to E1 and can only get link protection from L3 to E3. The third primary next-hop L3 to E3 can obtain link and node protection from L2 to E1 and from L2 to E2. It is possible for both the primary next-hop L2 to E2 and the primary next-hop L2 to E1 to obtain an alternate next-hop that provides both link and node protection by using L1.
在图4中,S有三个主要的下一跳到达D;它们是L2到E1、L2到E2和L3到E3。主下一跳L2到E1可以获得从L3到E3的链路和节点保护,E3是其他主下一跳之一;L2到E1无法从另一个主下一跳L2到E2获得链路保护。类似地,主下一跳L2到E2只能获得从L2到E1的节点保护,并且只能获得从L3到E3的链路保护。第三主下一跳L3到E3可以获得从L2到E1和从L2到E2的链路和节点保护。主下一跳L2到E2和主下一跳L2到E1都可以通过使用L1获得提供链路和节点保护的备用下一跳。
Alternate next-hops are determined for each primary next-hop separately. As with alternate selection in the non-ECMP case, these alternate next-hops should maximize the coverage of the failure cases.
为每个主下一跳分别确定备用下一跳。与非ECMP情况下的备用选择一样,这些备用下一跳应最大限度地覆盖故障情况。
As described in [RFC3137], there are cases where it is desirable not to have a router used as a transit node. For those cases, it is also desirable not to have the router used on an alternate path.
如[RFC3137]所述,存在不希望将路由器用作传输节点的情况。对于这些情况,不在备用路径上使用路由器也是可取的。
For computing an alternate, a router MUST NOT use an alternate next-hop that is along a link whose cost or reverse cost is LSInfinity (for OSPF) or the maximum cost (for IS-IS) or that has the overload bit set (for IS-IS). For a broadcast link, the reverse cost associated with a potential alternate next-hop is the cost towards the pseudo-node advertised by the next-hop router. For point-to-point links, if a specific link from the next-hop router cannot be associated with a particular link, then the reverse cost considered is that of the minimum cost link from the next-hop router back to S.
为了计算备用,路由器不得使用沿链路的备用下一跳,该链路的成本或反向成本为LSInfinity(对于OSPF)或最大成本(对于is-is)或设置了过载位(对于is-is)。对于广播链路,与潜在备用下一跳相关联的反向成本是下一跳路由器所通告的伪节点的成本。对于点到点链路,如果来自下一跳路由器的特定链路不能与特定链路相关联,则考虑的反向成本是从下一跳路由器返回到S的最小成本链路的反向成本。
In the case of OSPF, if all links from router S to a neighbor N_i have a reverse cost of LSInfinity, then router S MUST NOT use N_i as an alternate.
在OSPF的情况下,如果从路由器S到邻居N_i的所有链路都具有LSInfinity的反向成本,则路由器S不得将N_i用作备用链路。
Similarly in the case of IS-IS, if N_i has the overload bit set, then S MUST NOT consider using N_i as an alternate.
同样,在IS-IS的情况下,如果NUI具有过载位集,则S不能考虑使用NSI作为备用。
This preserves the desired behavior of diverting traffic away from a router that is following [RFC3137], and it also preserves the desired behavior when an operator sets the cost of a link to LSInfinity for maintenance that is not permitting traffic across that link unless there is no other path.
这保留了从遵循[RFC3137]的路由器转移流量的期望行为,并且当运营商设置到LSInfinity的链路成本以进行维护时,也保留了期望行为,除非没有其他路径,否则不允许该链路上的流量。
If a link or router that is costed out was the only possible alternate to protect traffic from a particular router S to a particular destination, then there should be no alternate provided for protection.
如果消耗掉的链路或路由器是保护从特定路由器到特定目的地的流量的唯一可能的备选方案,则不应提供备选方案进行保护。
[RFC5029] describes several flags whose interactions with LFAs need to be defined. A router SHOULD NOT specify the "local protection available" flag as a result of having LFAs. A router SHOULD NOT use an alternate next-hop that is along a link for which the link has been advertised with the attribute "link excluded from local protection path" or with the attribute "local maintenance required".
[RFC5029]描述了几个需要定义其与LFA交互的标志。路由器不应由于具有LFA而指定“本地保护可用”标志。路由器不应使用备用下一跃点,该下一跃点位于已使用属性“本地保护路径中排除的链路”或属性“需要本地维护”通告链路的链路上。
A router supporting this specification SHOULD attempt to select at least one loop-free alternate next-hop for each primary next-hop used for a given prefix. A router MAY decide to not use an available loop-free alternate next-hop. A reason for such a decision might be that the loop-free alternate next-hop does not provide protection for the failure scenario of interest.
支持此规范的路由器应尝试为用于给定前缀的每个主下一跳选择至少一个无环路备用下一跳。路由器可能决定下一跳不使用可用的无环路备用。做出这种决定的一个原因可能是,无循环备用下一跳不为所关注的故障场景提供保护。
The alternate selection should maximize the coverage of the failure cases.
备选方案应最大限度地覆盖故障案例。
When calculating alternate next-hops, the calculating router S applies the following rules.
计算备用下一跳时,计算路由器S应用以下规则。
1. S SHOULD select a loop-free node-protecting alternate next-hop, if one is available. If no loop-free node-protecting alternate is available, then S MAY select a loop-free link-protecting alternate.
1. S应选择一个无循环节点,以保护备用下一跳(如果有)。如果没有无环节点保护备用,则S可以选择无环链路保护备用。
2. If S has a choice between a loop-free link-and-node-protecting alternate and a loop-free node-protecting alternate that is not link-protecting, S SHOULD select a loop-free link-and-node-protecting alternate. This can occur as explained in Section 3.3.
2. 如果S可以在无环链路和节点保护备选方案与无环节点保护备选方案(不保护链路)之间进行选择,则S应选择无环链路和节点保护备选方案。如第3.3节所述,可能发生这种情况。
3. If S has multiple primary next-hops, then S SHOULD select as a loop-free alternate either one of the other primary next-hops or a loop-free node-protecting alternate if available. If no loop-free node-protecting alternate is available and no other primary next-hop can provide link-protection, then S SHOULD select a loop-free link-protecting alternate.
3. 如果S有多个主下一个跃点,则S应选择其他主下一个跃点中的一个或保护备用的无环节点(如果可用)作为无环备用。如果没有可用的无环节点保护备用,并且没有其他主下一跳可以提供链路保护,则S应选择无环链路保护备用。
4. Implementations SHOULD support a mode where other primary next-hops satisfying the basic loop-free condition and providing at least link or node protection are preferred over any non-primary alternates. This mode is provided to allow the administrator to preserve traffic patterns based on regular ECMP behavior.
4. 实现应支持这样一种模式,即满足基本无环条件并至少提供链路或节点保护的其他主下一跳优先于任何非主跳。提供此模式是为了允许管理员根据常规ECMP行为保留流量模式。
5. Implementations considering SRLGs MAY use SRLG protection to determine that a node-protecting or link-protecting alternate is not available for use.
5. 考虑SRLGs的实现可以使用SRLG保护来确定节点保护或链路保护替代方案不可用。
Following the above rules maximizes the level of protection and use of primary (ECMP) next-hops.
遵循上述规则可以最大限度地保护和使用主(ECMP)下一跳。
Each next-hop is associated with a set of non-mutually-exclusive characteristics based on whether it is used as a primary next-hop to a particular destination D, and the type of protection it can provide relative to a specific primary next-hop E:
每个下一跳与一组非互斥特征相关联,这组非互斥特征基于它是否被用作到特定目的地D的主下一跳,以及它相对于特定主下一跳E可以提供的保护类型:
Primary Path - The next-hop is used by S as primary.
主路径-下一个跃点被S用作主路径。
Loop-Free Node-Protecting Alternate - This next-hop satisfies Inequality 1 and Inequality 3. The path avoids S, S's primary neighbor E, and the link from S to E.
无循环节点保护备用-此下一跳满足不等式1和不等式3。该路径避免S、S的主要邻居E以及从S到E的链路。
Loop-Free Link-Protecting Alternate - This next-hop satisfies Inequality 1 but not Inequality 3. If the primary next-hop uses a broadcast link, then this next-hop satisfies Inequality 4.
无环链路保护备用-此下一跳满足不等式1,但不满足不等式3。如果主下一跳使用广播链路,则该下一跳满足不等式4。
An alternate path may also provide none, some, or complete SRLG protection as well as node and link or link protection. For instance, a link may belong to two SRLGs G1 and G2. The alternate path might avoid other links in G1 but not G2, in which case the alternate would only provide partial SRLG protection.
备用路径还可以提供无、部分或完整的SRLG保护以及节点和链路或链路保护。例如,一条链路可能属于两个SRLGG1和G2。备用路径可能会避免G1中的其他链路,但不会避免G2中的其他链路,在这种情况下,备用路径只能提供部分SRLG保护。
Below is an algorithm that can be used to calculate loop-free alternate next-hops. The algorithm is given for informational purposes, and implementations are free to use any other algorithm as long as it satisfies the rules described above.
下面是一个可用于计算无循环备用下一跳的算法。给出该算法是为了提供信息,实现可以自由使用任何其他算法,只要它满足上述规则。
The following procedure describes how to select an alternate next-hop. The procedure is described to determine alternate next-hops to use to reach each router in the topology. Prefixes that are advertised by a single router can use the alternate next-hop computed for the router to which they are attached. The same procedure can be used to reach a prefix that is advertised by more than one router when the logical topological transformation described in Section 6.1 is used.
以下过程描述了如何选择备用下一跳。描述该过程以确定用于到达拓扑中的每个路由器的备用下一跳。单个路由器播发的前缀可以使用为其连接的路由器计算的备用下一跳。当使用第6.1节中描述的逻辑拓扑变换时,可以使用相同的过程来达到由多个路由器公布的前缀。
S is the computing router. S has neighbors N_1 to N_j. A candidate next-hop is indicated by (outgoing link, neighbor) and the outgoing link must be bidirectionally connected, as is determined by the IGP. The candidate next-hops of S are enumerated as H_1 through H_k. Recall that S may have multiple next-hops over different interfaces to a neighbor. H_i.link refers to the outgoing link of that next-hop and H_i.neighbor refers to the neighbor of that next-hop.
S是计算路由器。S的邻居N_1到N_j。候选下一跳由(传出链路,邻居)指示,并且传出链路必须是双向连接的,这由IGP确定。候选的下一跳被枚举为H_1到H_k。回想一下,S在与邻居的不同接口上可能有多个下一跳。H_i.link指下一跳的传出链路,H_i.neighbor指下一跳的邻居。
For a particular destination router D, let S have already computed D_opt(S, D), and for each neighbor N_i, D_opt(N_i, D), D_opt(N_i, S), and D_opt(N_i, N_j), the distance from N_i to each other neighbor N_j, and the set of SRLGs traversed by the path D_opt(N_i, D). S should follow the below procedure for every primary next-hop selected to reach D. This set of primary next-hops is represented P_1 to P_p. This procedure finds the alternate next-hop(s) for P_i.
对于一个特定的目的地路由器D,让我们已经计算了D_opt(S,D),对于每个邻居N_i,D_opt(N_i,D),D_opt(N_i,S)和D_opt(N_i,N_j),从N_i到其他邻居N_j的距离,以及路径D_opt(N_i,D)所经过的srlg集。对于选择到达D的每个主要下一跳,S应遵循以下步骤。这组主要下一跳表示为P_1到P_P。此过程查找P_i的备用下一跳。
First, initialize the alternate information for P_i as follows:
首先,按如下方式初始化P_i的备用信息:
P_i.alt_next_hops = {} P_i.alt_type = NONE P_i.alt_link-protect = FALSE P_i.alt_node-protect = FALSE P_i.alt_srlg-protect = {}
P_i.alt_next_hops = {} P_i.alt_type = NONE P_i.alt_link-protect = FALSE P_i.alt_node-protect = FALSE P_i.alt_srlg-protect = {}
For each candidate next-hop H_h,
对于每个下一跳的候选人,
1. Initialize variables as follows:
1. 按如下方式初始化变量:
cand_type = NONE cand_link-protect = FALSE cand_node-protect = FALSE cand_srlg-protect = {}
cand_type = NONE cand_link-protect = FALSE cand_node-protect = FALSE cand_srlg-protect = {}
2. If H_h is P_i, skip it and continue to the next candidate next-hop.
2. 如果H_H是P_i,则跳过它并继续下一跳。
3. If H_h.link is administratively allowed to be used as an alternate,
3. 如果管理上允许H_H.link用作备用,
and the cost of H_h.link is less than the maximum, and the reverse cost of H_h is less than the maximum, and H_h.neighbor is not overloaded (for IS-IS), and H_h.link is bidirectional,
H_H.link的开销小于最大值,H_H的反向开销小于最大值,H_H.neighbor没有过载(对于is-is),H_H.link是双向的,
then H_h can be considered as an alternate. Otherwise, skip it and continue to the next candidate next-hop.
那么H_H可以被视为替代品。否则,跳过它并继续下一跳。
4. If D_opt( H_h.neighbor, D) >= D_opt( H_h.neighbor, S) + D_opt(S, D), then H_h is not loop-free. Skip it and continue to the next candidate next-hop.
4. 如果D_opt(H_H.neighbor,D)>=D_opt(H_H.neighbor,S)+D_opt(S,D),则H_H不是无环的。跳过它并继续到下一个候选下一跳。
5. cand_type = LOOP-FREE.
5. cand_类型=无回路。
6. If H_h is a primary next-hop, set cand_type to PRIMARY.
6. 如果H_H是主下一跳,则将cand_type设置为主。
7. If H_h.link is not P_i.link, set cand_link-protect to TRUE.
7. 如果H_H.link不是P_i.link,请将cand_link-protect设置为TRUE。
8. If D_opt(H_h.neighbor, D) < D_opt(H_h.neighbor, P_i.neighbor) + D_opt(P_i.neighbor, D), set cand_node-protect to TRUE.
8. 如果D_opt(H_H.neighbor,D)<D_opt(H_H.neighbor,P_i.neighbor)+D_opt(P_i.neighbor,D),则将cand_node-protect设置为TRUE。
9. If the router considers SRLGs, then set the cand_srlg-protect to the set of SRLGs traversed on the path from S via P_i.link to P_i.neighbor. Remove the set of SRLGs to which H_h belongs from cand_srlg-protect. Remove from cand_srlg-protect the set of SRLGs traversed on the path from H_h.neighbor to D. Now cand_srlg-protect holds the set of SRLGs to which P_i belongs and that are not traversed on the path from S via H_h to D.
9. 如果路由器考虑SRLGs,则将cand_srlg-protect设置为从S通过P_i.link到P_i.neighbor的路径上经过的SRLGs集。从cand_srlg-protect中删除H_H所属的srlg集。从cand_srlg-protect中删除在从H_H.邻居到D的路径上经过的SRLGs集。现在,cand_srlg-protect保存P_i所属的SRLGs集,并且这些SRLGs未在从S通过H_H到D的路径上经过。
10. If cand_type is PRIMARY, the router prefers other primary next-hops for use as the alternate, and the P_i.alt_type is not PRIMARY, goto Step 20.
10. 如果cand_类型为主,路由器会优先选择其他主下一跳作为备用跳,而P_i.alt_类型不是主跳,转到步骤20。
11. If cand_type is not PRIMARY, P_i.alt_type is PRIMARY, and the router prefers other primary next-hops for use as the alternate, then continue to the next candidate next-hop
11. 如果cand_类型不是主,P_i.alt_类型是主,路由器更喜欢其他主下一跳用作备用,然后继续下一候选下一跳
12. If cand_node-protect is TRUE and P_i.alt_node-protect is FALSE, goto Paragraph 20.
12. 如果cand_node-protect为真,而P_i.alt_node-protect为假,则转到第20段。
13. If cand_link-protect is TRUE and P_i.alt_link-protect is FALSE, goto Step 20.
13. 如果cand_link-protect为TRUE,而P_i.alt_link-protect为FALSE,则转到步骤20。
14. If cand_srlg-protect has a better set of SRLGs than P_i.alt_srlg-protect, goto Step 20.
14. 如果cand_srlg-protect的srlg组比P_i.alt_srlg-protect的srlg组更好,请转至步骤20。
15. If cand_srlg-protect is different from P_i.alt_srlg-protect, then select between H_h and P_i.alt_next_hops based upon distance, IP addresses, or any router-local tie-breaker. If H_h is preferred, then goto Step 20. If P_i.alt_next_hops is preferred, skip H_h and continue to the next candidate next-hop.
15. 如果cand_srlg-protect与P_i.alt_srlg-protect不同,则根据距离、IP地址或任何路由器本地连接断路器在H_H和P_i.alt_next_跳之间进行选择。如果首选H_H,则转到步骤20。如果首选P_i.alt_next_hops,则跳过H_H并继续到下一个候选下一跳。
16. If D_opt(H_h.neighbor, D) < D_opt(P_i.neighbor, D) and D_opt(P_i.alt_next_hops, D) >= D_opt(P_i.neighbor, D), then H_h is a downstream alternate and P_i.alt_next_hops is simply an LFA. Prefer H_h and goto Step 20.
16. 如果D_opt(H_H.neighbor,D)<D_opt(P_i.neighbor,D)和D_opt(P_i.alt_next_hops,D)>=D_opt(P_i.neighbor,D),那么H是下游备选方案,P_i.alt_next_hops只是一个LFA。选择H_H,然后转到第20步。
17. Based upon the alternate types, the alternate distances, IP addresses, or other tie-breakers, decide if H_h is preferred to P_i.alt_next_hops. If so, goto Step 20.
17. 根据备用类型、备用距离、IP地址或其他连接断路器,决定H_H是否优先于P_i.alt_下一跳。如果是,请转至步骤20。
18. Decide if P_i.alt_next_hops is preferred to H_h. If so, then skip H_h and continue to the next candidate next-hop.
18. 决定P_i.alt_next_hops是否优于H_H。如果是这样,则跳过H_H并继续下一跳。
19. Add H_h into P_i.alt_next_hops. Set P_i.alt_type to the better type of H_h.alt_type and P_i.alt_type. Continue to the next candidate next-hop.
19. 将H添加到P_i.alt_下一跳。将P_i.alt_类型设置为更好的H_H.alt_类型和P_i.alt_类型。继续到下一个候选下一跳。
20. Replace the P_i alternate next-hop set with H_h as follows:
20. 将P_i备用下一跳集替换为H_H,如下所示:
P_i.alt_next_hops = {H_h} P_i.alt_type = cand_type P_i.alt_link-protect = cand_link-protect P_i.alt_node-protect = cand_node-protect P_i.alt_srlg-protect = cand_srlg-protect
P_i.alt_next_hops = {H_h} P_i.alt_type = cand_type P_i.alt_link-protect = cand_link-protect P_i.alt_node-protect = cand_node-protect P_i.alt_srlg-protect = cand_srlg-protect
Continue to the next candidate next-hop.
继续到下一个候选下一跳。
LFAs can provide different amounts of protection, and the decision about which type to prefer is dependent upon network topology and other techniques in use in the network. This section describes the different protection levels and the trade-offs associated with each.
LFA可以提供不同数量的保护,选择哪种类型取决于网络拓扑和网络中使用的其他技术。本节介绍了不同的保护级别以及与每个级别相关的权衡。
1. Primary Next-hop: When there are equal-cost primary next-hops, using one as an alternate is guaranteed not to cause micro-loops involving S. Traffic flows across the paths that the network will converge to, but congestion may be experienced on the primary paths since traffic is sent across fewer. All primary next-hops are downstream paths.
1. 主下一跳:当存在相同成本的主下一跳时,使用一个作为备用可确保不会导致涉及S的微循环。网络将汇聚到的路径上的流量,但主路径上可能会出现拥塞,因为流量通过较少的路径发送。所有主下一跳都是下游路径。
2. Downstream Paths: A downstream path, unlike an LFA, is guaranteed not to cause a micro-loop involving S regardless of the actual failure detected. However, the expected coverage of such alternates in a network is expected to be poor. All downstream paths are LFAs.
2. 下游路径:与LFA不同,下游路径保证不会导致涉及S的微回路,无论检测到的实际故障如何。然而,网络中此类替代品的预期覆盖率预计很低。所有下游路径都是LFA。
3. LFA: An LFA can have good coverage of a network, depending on topology. However, it is possible to get micro-loops involving S if an unprotected failure occurs (e.g., a node fails when the LFA only was link-protecting).
3. LFA:LFA可以很好地覆盖网络,这取决于拓扑结构。但是,如果发生未受保护的故障(例如,当LFA仅用于链路保护时,节点发生故障),则可能会产生涉及S的微循环。
The different types of protection are abbreviated as LP (link-protecting), NP (node-protecting), and SP (SRLG-protecting).
不同类型的保护缩写为LP(链路保护)、NP(节点保护)和SP(SRLG保护)。
a. LP, NP, and SP: If such an alternate exists, it gives protection against all failures.
a. LP、NP和SP:如果存在这样的替代方案,它可以针对所有故障提供保护。
b. LP and NP only: Many networks may handle SRLG failures via another method or may focus on node and link failures as being more common.
b. 仅限LP和NP:许多网络可能通过另一种方法处理SRLG故障,或者可能将重点放在更常见的节点和链路故障上。
c. LP only: A network may handle node failures via a high-availability technique and be concerned primarily about protecting the more common link failure case.
c. 仅限LP:网络可通过高可用性技术处理节点故障,主要关注保护更常见的链路故障情况。
d. NP only: These only exist on interfaces that aren't point-to-point. If link protection is handled in a different layer, then an NP alternate may be acceptable.
d. 仅限NP:这些仅存在于非点对点的接口上。如果链路保护是在不同的层中处理的,则可以接受NP替代方案。
It is possible to simplify the computation and use of LFAs when solely link protection is desired by considering and computing only one link-protecting LFA for each next-hop connected to the router. All prefixes that use that next-hop as a primary will use the LFA computed for that next-hop as its LFA.
当需要单独的链路保护时,通过考虑和计算连接到路由器的每个下一跳的仅一个链路保护LFA,可以简化LFA的计算和使用。所有将该下一跳用作主跳的前缀将使用为该下一跳计算的LFA作为其LFA。
Even a prefix with multiple primary next-hops will have each primary next-hop protected individually by the primary next-hop's associated LFA. That associated LFA might or might not be another of the primary next-hops of the prefix.
即使是具有多个主下一跳的前缀,每个主下一跳也将由主下一跳的关联LFA单独保护。关联的LFA可能是也可能不是前缀的另一个主要下一跳。
This simplification may reduce coverage in a network. In addition to limiting protection for multi-homed prefixes (see Section 6.1), the computation per next-hop may also not find an LFA when one could be found for some of the prefixes that use that next-hop.
这种简化可能会减少网络中的覆盖范围。除了限制对多主前缀的保护(参见第6.1节),当可以为使用该下一跳的某些前缀找到LFA时,每下一跳的计算也可能找不到LFA。
For example, consider Figure 4 where S has three ECMP next-hops, E1, E2, and E3 to reach D. For the prefix D, E3 can give link protection for the next-hops E1 and E2; E1 and E2 can give link protection for the next-hops E3. However, if one uses this simplification to compute LFAs for E1, E2, and E3 individually, there is no link-protecting LFA for E1. E3 and E2 can protect each other.
例如,考虑图4,其中S有三个ECMP下一跳,E1,E2,E3到达D。对于前缀D,E3可以为下一跳E1和E2提供链路保护;E1和E2可以为下一跳E3提供链路保护。然而,如果使用这种简化来分别计算E1、E2和E3的LFA,则不存在E1的链路保护LFA。E3和E2可以相互保护。
If an alternate next-hop is available, the router redirects traffic to the alternate next-hop in case of a primary next-hop failure as follows.
如果备用下一跳可用,路由器在主下一跳失败时将流量重定向到备用下一跳,如下所示。
When a next-hop failure is detected via a local interface failure or other failure detection mechanisms (see [FRAMEWORK]), the router SHOULD:
当通过本地接口故障或其他故障检测机制(参见[FRAMEWORK])检测到下一跳故障时,路由器应:
1. Remove the primary next-hop associated with the failure.
1. 删除与故障关联的主下一跳。
2. Install the loop-free alternate calculated for the failed next-hop if it is not already installed (e.g., the alternate is also a primary next-hop).
2. 如果尚未安装为失败的下一个跃点计算的无循环备用,请安装该备用(例如,备用也是主下一个跃点)。
Note that the router MAY remove other next-hops if it believes (via SRLG analysis) that they may have been affected by the same failure, even if it is not visible at the time of failure detection.
请注意,如果路由器(通过SRLG分析)认为其他下一跳可能受到相同故障的影响,则路由器可能会删除其他下一跳,即使在故障检测时不可见。
The alternate next-hop MUST be used only for traffic types that are routed according to the shortest path. Multicast traffic is specifically out of scope for this specification.
备用下一跳必须仅用于根据最短路径路由的流量类型。多播通信量特别超出本规范的范围。
A router MUST limit the amount of time an alternate next-hop is used after the primary next-hop has become unavailable. This ensures that the router will start using the new primary next-hops. It ensures that all possible transient conditions are removed and the network converges according to the deployed routing protocol.
路由器必须在主下一跳不可用后限制备用下一跳的使用时间。这确保路由器将开始使用新的主下一跳。它确保消除所有可能的瞬态条件,并根据部署的路由协议使网络收敛。
There are techniques available to handle the micro-forwarding loops that can occur in a networking during convergence.
有一些技术可用于处理聚合期间网络中可能出现的微转发循环。
A router that implements [MICROLOOP] SHOULD follow the rules given there for terminating the use of an alternate.
实现[MICROLOOP]的路由器应遵循此处给出的终止备用路由器使用的规则。
A router that implements [ORDERED-FIB] SHOULD follow the rules given there for terminating the use of an alternate.
实现[ORDERED-FIB]的路由器应遵循此处给出的终止使用备用路由器的规则。
It is desirable to avoid micro-forwarding loops involving S. An example illustrating the problem is given in Figure 5. If the link from S to E fails, S will use N1 as an alternate and S will compute N2 as the new primary next-hop to reach D. If S starts using N2 as soon as S can compute and install its new primary, it is probable that N2 will not have yet installed its new primary next-hop. This would cause traffic to loop and be dropped until N2 has installed the new topology. This can be avoided by S delaying its installation and leaving traffic on the alternate next-hop.
希望避免涉及S的微转发循环。图5中给出了说明该问题的示例。如果从S到E的链路失败,S将使用N1作为备用,S将计算N2作为到达D的新主下一跳。如果S在S能够计算并安装其新主下一跳后立即开始使用N2,则N2可能尚未安装其新的主下一跳。这将导致流量循环并被丢弃,直到N2安装了新拓扑。这可以通过延迟其安装并将流量保留在备用下一跳上来避免。
+-----+ | N2 |-------- | +-----+ 1 | \|/ | | | +-----+ @@> +-----+ | | S |---------| N1 | 10 | +-----+ 10 +-----+ | | | | 1 | | | | | \|/ 10 | | +-----+ | | | | E | | \|/ | +-----+ | | | | | 1 | | | | | \|/ | | +-----+ | |----| D |-------------- +-----+
+-----+ | N2 |-------- | +-----+ 1 | \|/ | | | +-----+ @@> +-----+ | | S |---------| N1 | 10 | +-----+ 10 +-----+ | | | | 1 | | | | | \|/ 10 | | +-----+ | | | | E | | \|/ | +-----+ | | | | | 1 | | | | | \|/ | | +-----+ | |----| D |-------------- +-----+
Figure 5: Example Where Continued Use of Alternate Is Desirable
图5:希望继续使用替代品的示例
This is an example of a case where the new primary is not a loop-free alternate before the failure and therefore may have been forwarding traffic through S. This will occur when the path via a previously upstream node is shorter than the path via a loop-free alternate neighbor. In these cases, it is useful to give sufficient time to ensure that the new primary neighbor and other nodes on the new primary path have switched to the new route.
这是一个示例,其中新主节点在故障发生之前不是无环备用节点,因此可能已通过S转发流量。当通过先前上游节点的路径短于通过无环备用邻居的路径时,将发生这种情况。在这些情况下,给予足够的时间以确保新主路径上的新主邻居和其他节点已切换到新路由是有用的。
If the newly selected primary was loop-free before the failure, then it is safe to switch to that new primary immediately; the new primary wasn't dependent on the failure and therefore its path will not have changed.
如果新选择的主设备在发生故障之前没有环路,则立即切换到该新主设备是安全的;新的主设备不依赖于故障,因此其路径不会改变。
Given that there is an alternate providing appropriate protection and while the assumption of a single failure holds, it is safe to delay the installation of the new primaries; this will not create
鉴于存在提供适当保护的替代方案,且假设单一故障成立,因此可以安全地延迟安装新的初级电源;这不会产生任何影响
forwarding loops because the alternate's path to the destination is known to not go via S or the failed element and will therefore not be affected by the failure.
转发循环,因为已知备降者到目的地的路径不经过s或故障元素,因此不会受到故障的影响。
An implementation SHOULD continue to use the alternate next-hops for packet forwarding even after the new routing information is available based on the new network topology. The use of the alternate next-hops for packet forwarding SHOULD terminate:
即使在基于新网络拓扑的新路由信息可用之后,实现也应继续使用备用下一跳进行分组转发。使用备用下一跳进行数据包转发应终止:
a. if the new primary next-hop was loop-free prior to the topology change, or
a. 如果新的主下一跳在拓扑更改之前是无循环的,或者
b. if a configured hold-down, which represents a worst-case bound on the length of the network convergence transition, has expired, or
b. 如果已配置的抑制(表示网络聚合转换长度的最坏情况限制)已过期,或
c. if notification of an unrelated topological change in the network is received.
c. 如果收到网络中不相关拓扑更改的通知。
Since LDP [RFC5036] traffic will follow the path specified by the IGP, it is also possible for the LDP traffic to follow the loop-free alternates indicated by the IGP. To do so, it is necessary for LDP to have the appropriate labels available for the alternate so that the appropriate out-segments can be installed in the forwarding plane before the failure occurs.
由于LDP[RFC5036]通信量将遵循IGP指定的路径,因此LDP通信量也可能遵循IGP指示的无环路交替。要做到这一点,LDP必须为备用设备提供适当的标签,以便在故障发生之前在转发平面中安装适当的out段。
This means that a Label Switching Router (LSR) running LDP must distribute its labels for the Forwarding Equivalence Classes (FECs) it can provide to all its neighbors, regardless of whether or not they are upstream. Additionally, LDP must be acting in liberal label retention mode so that the labels that correspond to neighbors that aren't currently the primary neighbor are stored. Similarly, LDP should be in downstream unsolicited mode, so that the labels for the FEC are distributed other than along the SPT.
这意味着运行LDP的标签交换路由器(LSR)必须为其可以提供给所有邻居的转发等价类(FEC)分配其标签,而不管它们是否在上游。此外,LDP必须在自由标签保留模式下工作,以便存储与当前不是主要邻居的邻居相对应的标签。类似地,LDP应处于下游非请求模式,以便FEC的标签分布在SPT之外。
If these requirements are met, then LDP can use the loop-free alternates without requiring any targeted sessions or signaling extensions for this purpose.
如果满足这些要求,则LDP可以使用无环路替代,而无需为此目的进行任何目标会话或信令扩展。
An SPF-like computation is run for each topology, which corresponds to a particular OSPF area or IS-IS level. The IGP needs to determine loop-free alternates to multi-homed routes. Multi-homed routes occur for routes obtained from outside the routing domain by multiple
对每个拓扑运行类似SPF的计算,对应于特定的OSPF区域或is-is级别。IGP需要确定多宿路由的无环路替代方案。对于由多个用户从路由域外部获取的路由,会出现多宿主路由
routers, for subnets on links where the subnet is announced from multiple ends of the link, and for routes advertised by multiple routers to provide resiliency.
路由器,用于链路上的子网,其中子网是从链路的多个端宣布的,以及用于由多个路由器公布以提供弹性的路由。
Figure 6 demonstrates such a topology. In this example, the shortest path to reach the prefix p is via E. The prefix p will have the link to E as its primary next-hop. If the alternate next-hop for the prefix p is simply inherited from the router advertising it on the shortest path to p, then the prefix p's alternate next-hop would be the link to C. This would provide link protection, but not the node protection that is possible via A.
图6展示了这样的拓扑结构。在本例中,到达前缀p的最短路径是通过E。前缀p将与E的链接作为其主要下一跳。如果前缀p的备用下一跳只是从在到p的最短路径上公布它的路由器继承的,那么前缀p的备用下一跳将是到C的链路。这将提供链路保护,但不能提供通过A可能提供的节点保护。
5 +---+ 8 +---+ 5 +---+ ------| S |------| A |-----| B | | +---+ +---+ +---+ | | | | 5 | 5 | | | | +---+ 5 +---+ 5 7 +---+ | C |---| E |------ p -------| F | +---+ +---+ +---+
5 +---+ 8 +---+ 5 +---+ ------| S |------| A |-----| B | | +---+ +---+ +---+ | | | | 5 | 5 | | | | +---+ 5 +---+ 5 7 +---+ | C |---| E |------ p -------| F | +---+ +---+ +---+
Figure 6: Multi-Homed Prefix
图6:多主前缀
To determine the best protection possible, the prefix p can be treated in the SPF computations as a node with unidirectional links to it from those routers that have advertised the prefix. Such a node need never have its links explored, as it has no out-going links.
为了确定可能的最佳保护,可以在SPF计算中将前缀p视为具有来自那些已通告前缀的路由器的指向它的单向链路的节点。这样一个节点永远不需要探索它的链接,因为它没有向外的链接。
If there exist multiple multi-homed prefixes that share the same connectivity and the difference in metrics to those routers, then a single node can be used to represent the set. For instance, if in Figure 6 there were another prefix X that was connected to E with a metric of 1 and to F with a metric of 3, then that prefix X could use the same alternate next-hop as was computed for prefix p.
如果存在多个多宿前缀,它们共享相同的连接,并且与这些路由器的度量不同,那么可以使用单个节点来表示该集合。例如,如果在图6中有另一个前缀X连接到度量为1的E和度量为3的F,那么该前缀X可以使用与为前缀p计算的相同的备用下一跳。
A router SHOULD compute the alternate next-hop for an IGP multi-homed prefix by considering alternate paths via all routers that have announced that prefix.
路由器应通过考虑通过所有已宣布该前缀的路由器的备用路径来计算IGP多址前缀的备用下一跳。
In all cases, a router MAY safely simplify the multi-homed prefix (MHP) calculation by assuming that the MHP is solely attached to the router that was its pre-failure optimal point of attachment. However, this may result in a prefix not being considered repairable, when the full computation would show that a repair was possible.
在所有情况下,路由器都可以通过假设多宿前缀(MHP)单独连接到作为其故障前最佳连接点的路由器来安全地简化多宿前缀(MHP)计算。但是,这可能会导致前缀被视为不可修复,而完整的计算将表明修复是可能的。
The applicability and interactions of LFAs with multi-topology IS-IS [RFC5120] is out of scope for this specification.
LFA与多拓扑IS-IS[RFC5120]的适用性和相互作用不在本规范范围内。
OSPF introduces certain complications because it is possible for the traffic path to exit an area and then re-enter that area. This can occur whenever a router considers the same route from multiple areas. There are several cases where issues such as this can occur. They happen when another area permits a shorter path to connect two ABRs than is available in the area where the LFA has been computed. To clarify, an example topology is given in Appendix A.
OSPF引入了某些复杂因素,因为交通路径有可能退出某个区域,然后重新进入该区域。每当路由器考虑来自多个区域的同一路由时,就会发生这种情况。在某些情况下,可能会出现类似这样的问题。当另一个区域允许连接两个ABR的路径比计算LFA的区域短时,就会发生这种情况。为了澄清,附录A中给出了一个拓扑示例。
a. Virtual Links: These allow paths to leave the backbone area and traverse the transit area. The path provided via the transit area can exit via any ABR. The path taken is not the shortest path determined by doing an SPF in the backbone area.
a. 虚拟链路:这些允许路径离开主干区域并穿过传输区域。通过中转区提供的路径可以通过任何ABR退出。所采用的路径不是通过在主干区域执行SPF确定的最短路径。
b. Alternate ABR [RFC3509]: When an ABR is not connected to the backbone, it considers the inter-area summaries from multiple areas. The ABR A may determine to use area 2 but that path could traverse another alternate ABR B that determines to use area 1. This can lead to scenarios similar to that illustrated in Figure 7.
b. 备用ABR[RFC3509]:当ABR未连接到主干时,它考虑来自多个区域的区域间摘要。ABR A可确定使用区域2,但该路径可穿过确定使用区域1的另一备选ABR B。这可能导致类似于图7所示的场景。
c. ASBR Summaries: An ASBR may itself be an ABR and can be announced into multiple areas. This presents other ABRs with a decision as to which area to use. This is the example illustrated in Figure 7.
c. ASBR概述:ASBR本身可能是ABR,可以在多个领域发布。这为其他ABR提供了使用哪个区域的决策。这是图7所示的示例。
d. AS External Prefixes: A prefix may be advertised by multiple ASBRs in different areas and/or with multiple forwarding addresses that are in different areas, which are connected via at least one common ABR. This presents such ABRs with a decision as to which area to use to reach the prefix.
d. 作为外部前缀:前缀可以由不同区域中的多个ASBR和/或具有不同区域中的多个转发地址进行广告,这些地址通过至少一个公共ABR连接。这为此类ABR提供了一个关于使用哪个区域到达前缀的决策。
Loop-free alternates should not be used in an area where one of the above issues affects that area.
如果上述问题之一影响到该区域,则不应在该区域使用无回路备用电源。
When a forwarding address is set in an OSPF AS-external Link State Advertisement (LSA), all routers in the network calculate their next-hops for the external prefix by doing a lookup for the forwarding address in the routing table, rather than using the next-hops
当在OSPF中将转发地址设置为外部链路状态通告(LSA)时,网络中的所有路由器通过在路由表中查找转发地址而不是使用下一跳来计算外部前缀的下一跳
calculated for the ASBR. In this case, the alternate next-hops SHOULD be computed by selecting among the alternate paths to the forwarding link(s) instead of among alternate paths to the ASBR.
为ASBR计算。在这种情况下,应通过选择到转发链路的备用路径而不是到ASBR的备用路径来计算备用下一跳。
The applicability and interactions of LFAs with multi-topology OSPF [RFC4915] [MT-OSPFv3] is out of scope for this specification.
LFA与多拓扑OSPF[RFC4915][MT-OSPFv3]的适用性和交互不在本规范范围内。
Typically, BGP prefixes are advertised with the AS exit router's router-id as the BGP next-hop, and AS exit routers are reached by means of IGP routes. BGP resolves its advertised next-hop to the immediate next-hop by potential recursive lookups in the routing database. IP Fast Reroute computes the alternate next-hops to all IGP destinations, which include alternate next-hops to the AS exit router's router-id. BGP simply inherits the alternate next-hop from IGP. The BGP decision process is unaltered; BGP continues to use the IGP optimal distance to find the nearest exit router. Multicast BGP (MBGP) routes do not need to copy the alternate next-hops.
通常,BGP前缀以AS出口路由器的路由器id作为BGP下一跳进行广告,AS出口路由器通过IGP路由到达。BGP通过路由数据库中的潜在递归查找,将其公布的下一跳解析为紧接的下一跳。IP快速重路由计算到所有IGP目的地的备用下一跳,包括到AS出口路由器路由器id的备用下一跳。BGP只是从IGP继承备用下一跳。BGP决策过程不变;BGP继续使用IGP最佳距离来查找最近的出口路由器。多播BGP(MBGP)路由不需要复制备用下一跳。
It is possible to provide ASBR protection if BGP selected a set of BGP next-hops and allowed the IGP to determine the primary and alternate next-hops as if the BGP route were a multi-homed prefix. This is for future study.
如果BGP选择了一组BGP下一跳,并允许IGP确定主跳和备用下一跳,就可以提供ASBR保护,就像BGP路由是多宿前缀一样。这是为了以后的研究。
Multicast traffic is out of scope for this specification of IP Fast Reroute. The alternate next-hops SHOULD NOT be used for multicast Reverse Path Forwarding (RPF) checks.
多播流量超出了此IP快速重路由规范的范围。备用下一跳不应用于多播反向路径转发(RPF)检查。
The mechanism described in this document does not modify any routing protocol messages, and hence no new threats related to packet modifications or replay attacks are introduced. Traffic to certain destinations can be temporarily routed via next-hop routers that would not be used with the same topology change if this mechanism wasn't employed. However, these next-hop routers can be used anyway when a different topological change occurs, and hence this can't be viewed as a new security threat.
本文档中描述的机制不会修改任何路由协议消息,因此不会引入与数据包修改或重放攻击相关的新威胁。到某些目的地的流量可以通过下一跳路由器临时路由,如果不采用这种机制,下一跳路由器将不会与相同的拓扑更改一起使用。然而,当发生不同的拓扑变化时,这些下一跳路由器无论如何都可以使用,因此这不能被视为新的安全威胁。
In LDP, the wider distribution of FEC label information is still to neighbors with whom a trusted LDP session has been established. This wider distribution and the recommendation of using liberal label retention mode are believed to have no significant security impact.
在LDP中,FEC标签信息的更广泛分布仍然是给与之建立可信LDP会话的邻居。这种更广泛的分布和使用自由标签保留模式的建议被认为没有显著的安全影响。
The authors would like to thank Joel Halpern, Mike Shand, Stewart Bryant, and Stefano Previdi for their assistance and useful review.
作者要感谢Joel Halpern、Mike Shand、Stewart Bryant和Stefano Previdi提供的帮助和有用的评论。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC2328]Moy,J.,“OSPF版本2”,STD 54,RFC 2328,1998年4月。
[RFC2740] Coltun, R., Ferguson, D., and J. Moy, "OSPF for IPv6", RFC 2740, December 1999.
[RFC2740]Coltun,R.,Ferguson,D.,和J.Moy,“IPv6的OSPF”,RFC 27401999年12月。
[RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP Specification", RFC 5036, October 2007.
[RFC5036]Andersson,L.,Minei,I.,和B.Thomas,“LDP规范”,RFC 5036,2007年10月。
[FRAMEWORK] Shand, M. and S. Bryant, "IP Fast Reroute Framework", Work in Progress, February 2008.
[框架]Shand,M.和S.Bryant,“IP快速重路由框架”,正在进行的工作,2008年2月。
[MICROLOOP] Zinin, A., "Analysis and Minimization of Microloops in Link-state Routing Protocols", Work in Progress, October 2005.
[微环]Zinin,A.,“链路状态路由协议中微环的分析和最小化”,正在进行的工作,2005年10月。
[MT-OSPFv3] Mirtorabi, S. and A. Roy, "Multi-topology routing in OSPFv3 (MT-OSPFv3)", Work in Progress, July 2007.
[MT-OSPFv3]Mirtorabi,S.和A.Roy,“OSPFv3(MT-OSPFv3)中的多拓扑路由”,正在进行的工作,2007年7月。
[ORDERED-FIB] Francois, P., "Loop-free convergence using oFIB", Work in Progress, February 2008.
[ORDERED-FIB]Francois,P.,“使用oFIB的无环收敛”,正在进行的工作,2008年2月。
[RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, December 1990.
[RFC1195]Callon,R.,“OSI IS-IS在TCP/IP和双环境中的路由使用”,RFC 11951990年12月。
[RFC2966] Li, T., Przygienda, T., and H. Smit, "Domain-wide Prefix Distribution with Two-Level IS-IS", RFC 2966, October 2000.
[RFC2966]Li,T.,Przygienda,T.,和H.Smit,“具有两级IS-IS的域范围前缀分布”,RFC 2966,2000年10月。
[RFC3137] Retana, A., Nguyen, L., White, R., Zinin, A., and D. McPherson, "OSPF Stub Router Advertisement", RFC 3137, June 2001.
[RFC3137]Retana,A.,Nguyen,L.,White,R.,Zinin,A.,和D.McPherson,“OSPF存根路由器广告”,RFC 3137,2001年6月。
[RFC3509] Zinin, A., Lindem, A., and D. Yeung, "Alternative Implementations of OSPF Area Border Routers", RFC 3509, April 2003.
[RFC3509]Zinin,A.,Lindem,A.,和D.Yeung,“OSPF区域边界路由器的替代实现”,RFC 3509,2003年4月。
[RFC4203] Kompella, K. and Y. Rekhter, "OSPF Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)", RFC 4203, October 2005.
[RFC4203]Kompella,K.和Y.Rekhter,“支持通用多协议标签交换(GMPLS)的OSPF扩展”,RFC 4203,2005年10月。
[RFC4205] Kompella, K. and Y. Rekhter, "Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)", RFC 4205, October 2005.
[RFC4205]Kompella,K.和Y.Rekhter,“支持通用多协议标签交换(GMPLS)的中间系统到中间系统(IS-IS)扩展”,RFC 4205,2005年10月。
[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, June 2007.
[RFC4915]Psenak,P.,Mirtorabi,S.,Roy,A.,Nguyen,L.,和P.Pillay Esnault,“OSPF中的多拓扑(MT)路由”,RFC 4915,2007年6月。
[RFC5029] Vasseur, JP. and S. Previdi, "Definition of an IS-IS Link Attribute Sub-TLV", RFC 5029, September 2007.
[RFC5029]Vasseur,JP。和S.Previdi,“IS-IS链路属性子TLV的定义”,RFC 50292007年9月。
[RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)", RFC 5120, February 2008.
[RFC5120]Przygienda,T.,Shen,N.,和N.Sheth,“M-ISIS:中间系统到中间系统(IS-ISs)的多拓扑(MT)路由”,RFC 5120,2008年2月。
[RFC5340] Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, July 2008.
[RFC5340]Ferguson,D.,Moy,J.和A.Lindem,“IPv6的OSPF”,RFC 53402008年7月。
Appendix A. OSPF Example Where LFA Based on Local Area Topology Is Insufficient
附录A.基于局部区域拓扑的LFA不足的OSPF示例
This appendix provides an example scenario where the local area topology does not suffice to determine that an LFA is available. As described in Section 6.3, one problem scenario is for ASBR summaries where the ASBR is available in two areas via intra-area routes and there is at least one ABR or alternate ABR that is in both areas. The following Figure 7 illustrates this case.
本附录提供了一个示例场景,其中局部区域拓扑不足以确定LFA是否可用。如第6.3节所述,一个问题场景是ASBR摘要,其中ASBR通过区域内路线在两个区域可用,并且两个区域中至少有一个ABR或备用ABR。下图7说明了这种情况。
5 [ F ]-----------[ C ] | | | | 5 20 | 5 | 1 | [ N ]-----[ A ]*****[ F ] | | # * | 40 | # 50 * 2 | | 5 # 2 * | [ S ]-----[ B ]*****[ G ] | | * | 5 | * 15 | | * | [ E ] [ H ] | | * | 5 | * 10** | | * |---[ X ]----[ ASBR ] 5
5 [ F ]-----------[ C ] | | | | 5 20 | 5 | 1 | [ N ]-----[ A ]*****[ F ] | | # * | 40 | # 50 * 2 | | 5 # 2 * | [ S ]-----[ B ]*****[ G ] | | * | 5 | * 15 | | * | [ E ] [ H ] | | * | 5 | * 10** | | * |---[ X ]----[ ASBR ] 5
---- Link in Area 1 **** Link in Area 2 #### Link in Backbone Area 0
---- Link in Area 1 **** Link in Area 2 #### Link in Backbone Area 0
Figure 7: Topology with Multi-Area ASBR Causing Area Transiting
图7:多区域ASBR导致区域转换的拓扑
In Figure 7, the ASBR is also an ABR and is announced into both area 1 and area 2. A and B are both ABRs that are also connected to the backbone area. S determines that N can provide a loop-free alternate to reach the ASBR. N's path goes via A. A also sees an intra-area route to ASBR via area 2; the cost of the path in area 2 is 30, which is less than 35, the cost of the path in area 1. Therefore, A uses the path from area 2 and directs traffic to F. The path from F in area 2 goes to B. B is also an ABR and learns the ASBR from both areas 1 and area 2; B's path via area 1 is shorter (cost 20) than B's path via area 2 (cost 25). Therefore, B uses the path from area 1 that connects to S.
在图7中,ASBR也是一个ABR,被宣布进入区域1和区域2。A和B都是也连接到主干区域的ABR。S确定N可以提供一个无循环的替代方案以到达ASBR。N的路径经过A。A还看到通过区域2到ASBR的区域内路径;区域2中路径的成本为30,小于区域1中路径的成本35。因此,A使用来自区域2的路径并将流量引导至F。区域2中来自F的路径通向B。B也是ABR,并从区域1和区域2学习ASBR;B通过区域1的路径比B通过区域2的路径短(成本20)(成本25)。因此,B使用从区域1连接到S的路径。
Authors' Addresses
作者地址
Alia K. Atlas (editor) BT
Alia K.Atlas(编辑)BT
EMail: alia.atlas@bt.com
EMail: alia.atlas@bt.com
Alex Zinin (editor) Alcatel-Lucent 750D Chai Chee Rd, #06-06 Technopark@ChaiChee Singapore 469004
亚历克斯·齐宁(编辑)阿尔卡特-朗讯柴子路750D号#06-06Technopark@ChaiChee新加坡469004
EMail: alex.zinin@alcatel-lucent.com
EMail: alex.zinin@alcatel-lucent.com
Raveendra Torvi FutureWei Technologies Inc. 1700 Alma Dr. Suite 100 Plano, TX 75075 USA
Ravendra Torvi FutureWei Technologies Inc.美国德克萨斯州普莱诺市阿尔玛博士套房100号1700室75075
EMail: traveendra@huawei.com
EMail: traveendra@huawei.com
Gagan Choudhury AT&T 200 Laurel Avenue, Room D5-3C21 Middletown, NJ 07748 USA
美国新泽西州米德尔敦劳雷尔大道200号D5-3C21室加根·乔杜里电话电报公司07748
Phone: +1 732 420-3721 EMail: gchoudhury@att.com
Phone: +1 732 420-3721 EMail: gchoudhury@att.com
Christian Martin iPath Technologies
Christian Martin iPath Technologies
EMail: chris@ipath.net
EMail: chris@ipath.net
Brent Imhoff Juniper Networks 1194 North Mathilda Sunnyvale, CA 94089 USA
布伦特·伊姆霍夫Juniper Networks 1194北马蒂尔达桑尼维尔,加利福尼亚州94089
Phone: +1 314 378 2571 EMail: bimhoff@planetspork.com
Phone: +1 314 378 2571 EMail: bimhoff@planetspork.com
Don Fedyk Nortel Networks 600 Technology Park Billerica, MA 01821 USA
美国马萨诸塞州比尔里卡唐费克北电网络600技术园01821
Phone: +1 978 288 3041 EMail: dwfedyk@nortelnetworks.com
Phone: +1 978 288 3041 EMail: dwfedyk@nortelnetworks.com
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2008).
版权所有(C)IETF信托基金(2008年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.