Enhanced Topology Independent Loop-free Alternate Fast Re-route

Segment Routing enables to steer packets by explicitly encoding instructions in the data packets at the source node to support services like traffic engineer. Relying on SR, defines Topology Independent Loop-free Alternate Fast Re-route (TI-LFA), a local repair mechanism for IGP shortest path that capable of restoring end-to-end connectivity in the case of a sudden directly connected failure of a network component. TI-LFA supports to establish a loop free backup path over the expected post-convergence paths from the point of local repair irrespective of the topologies used in the network, which provides a major improvment compared to LFA , and remote LFA which cannot be applicable in some topologies . However, the TI-LFA path may skip the node that the active SID points to when protecting [Adjacency, Node] segment lists. For instance, the node that a adjacency SID points to is a very important node and can not be skipped, such as a firewall node. When the link between the local repair node and firewall node fails, the packets should be steered back to the firewall and then forwarding. But in TI-LFA, if the next SID in the SID list is a node SID, the TI-LFA FRR path MAY bypass the node that the active segment points to. Also, if the firewall node is down, the packets should be dropped instead for fast reroute to bypass the node. Bypassing nodes like firewall in FRR brings issues of network security and reliability. To enhance the security and reliability of networks, this document defines an Enhanced Topology Independent Loop-free Alternate Fast Re-route (TI-LFA+) based on TI-LFA by adding a No-bypass flag for segments to explicitly specify what node can not be bypassed. Also, this document defines No-bypass flag and No-FRR flag in SRH to indicate not to bypass nodes and not to perform FRR on all the nodes along the SRv6 path, respectively.

This document makes use of the terms defined in and . The reader is assumed to be familiar with the terminology defined in and .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Enhanced Topology Independent Loop-free Alternate Fast Re-route (TI-LFA+) is an enhancement of TI-LFA to explicitly indicate whether a node that segment points to can not be bypassed in FRR scenarios. TI-LFA+ will not change the main process and algorithm of TI-LFA. Instead, in TI-LFA+, when generating repair SID list for a SID, the node should consider whether the SID endpoint can be baseed or not, which is explicitly encoded in IGP messages. If the node that segment points to can not be bypassed, then the repair SID MUST lead the packets to that node. This document defines a No-bypass flag for segments in IS-IS and OSPF. Details will be discussed in section 4. A node should advertise two kinds of segment to meet various service policy requirements. Bypassing capable segment with No-bypass flag unset No-bypassing segment with No-bypass flag set. A controller or control plane should choose specific segment according to the service policy. [Editors' note] If the TI-LFA result is generated based on Locator route instead of SIDs, then the No-bypass Flag can be applied to the Locator. Also, this document defines No-bypass flag and No-FRR flag in SRH to indicate not to bypass nodes and not to perform FRR on all the nodes along the SRv6 path, respectively. Details will be discussed in section 5.

describes the necessary IS-IS extensions that need to be introduced for Segment Routing. defines the IS-IS extensions required to support Segment Routing over an IPv6 data plane. This documment defines a No-bypass flag in flag filed of the following IS-IS sub-TLV/TLV. Prefix Segment Identifier sub-TLV (Prefix-SID sub-TLV) Adjacency Segment Identifier sub- TLV (Adj-SID sub-TLV). Locator entry in SRv6 Locator TLV The following figures are included here for reference and will be deleted in the future version.

If the No-bypass(NB) flag is set, means the node that the SID/Label/Locator points to can not be bypassed. Oterwise, the node can be bypassed.

describes the necessary OSPF extensions that need to be introduced for Segment Routing. defines the OSPF extensions required to support Segment Routing over an IPv6 data plane. This documment defines a No-bypass flag in flag filed of the following OSPF sub-TLV/TLV. Prefix SID Sub-TLV Adj-SID sub-TLV SRv6 Node SID TLV SRv6 SID Link Attribute Sub-TLV The following figures are included here for reference and will be deleted in the future version.

If the No-bypass(NB) flag is set, means the node that the SID/Label/Locator points to can not be bypassed. Oterwise, the node can be bypassed.

This section describes two flags in SRH.

This document defines a No-bypass Flag in SRH .

NB Flag: No-Bypass flag, when the flag is set, the repair segment endpoint nodes MUST NOT bypass any nodes when link or node failures occur. When a link is down, the packet MUST be forwarded to the next segment endpoint node through the repair path. When the node identified by the active SID in IPv6 destination address is down, the SID can not be skipped, and the traffic MUST be forwarded to the node. The flag can be set when the SID list containing service SIDs like firewall SID, so that the traffic will not bypass the service nodes.

This document defines a No-FRR Flag in SRH .

NF Flag: No-FRR flag, when the flag is set, the FRR is disable for the packet, thus the packet will not be protected by the Local protection mechanism, such as TI-LFA. The flag can be set when the SID list containing service SIDs like firewall SID, so that the traffic will not bypass the service nodes. In this case, E2E protection mechanism should be deployed.

TBD.