RSVP Graceful Restart Operation
RSVP graceful restart is based on RSVP hello messages. Hello messages are exchanged between the router and its neighbor nodes.
Each neighbor node can autonomously issue a hello message containing a hello request object. A receiver that supports the
hello extension replies with a hello message containing a hello acknowledgment (ACK) object. If the sending node supports
state recovery, a Restart Cap object that indicates a node's restart capability is also carried in the hello messages. In
the Restart Cap object, the restart time and the recovery time is specified. The restart time is the time after a loss in
Hello messages within which RSVP hello session can be re-established. The recovery time is the time that the sender waits
for the recipient to re-synchronize states after the re-establishment of hello messages.
For graceful restart, the hello messages are sent with an IP Time to Live (TTL) of 64. This is because the destination of
the hello messages can be multiple hops away. If graceful restart is enabled, hello messages (containing the restart cap object)
are send to an RSVP neighbor when RSVP states are shared with that neighbor. If restart cap objects are sent to an RSVP neighbor
and the neighbor replies with hello messages containing the restart cap object, the neighbor is considered to be graceful
restart capable. If the neighbor does not reply with hello messages or replies with hello messages that do not contain the
restart cap object, RSVP backs off sending hellos to that neighbor. If a hello Request message is received from an unknown
neighbor, no hello ACK is sent back.
Network administrators need the ability to establish a security domain to control the set of systems that initiates RSVP requests.
The RSVP authentication feature permits neighbors in an RSVP network to use a secure hash to sign all RSVP signaling messages
digitally, thus allowing the receiver of an RSVP message to verify the sender of the message without relying solely on the
sender's IP address.
The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message as defined in RFC
2747. The integrity object includes a key ID, a sequence number for messages, and keyed message digest. This method provides
protection against forgery or message modification. However, the receiver must know the security key used by the sender to
validate the digital signature in the received RSVP message. Network administrators manually configure a common key for each
RSVP neighbor on the shared network. The sending and receiving systems maintain a security association for each authentication
key that they share. For detailed information about different security association parameters, see the Security Association Parameters table.
You can configure global defaults for all authentication parameters including key, window size, and lifetime. These defaults
are inherited when you configure authentication for each neighbor or interface. However, you can also configure these parameters
individually on a neighbor or interface basis, in which case the global values (configured or default) are no longer inherited.
Interface and neighbor interface modes unless explicitly configured, inherit the parameters from global configuration mode
The following situations explain how to choose between global, interface, or neighbor configuration modes:
Global configuration mode is optimal when a router belongs to a single security domain (for example, part of a set of provider
core routers). A single common key set is expected to be used to authenticate all RSVP messages.
Interface, or neighbor configuration mode, is optimal when a router belongs to more than one security domain. For example,
a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an edge device. Different keys can be used
but not shared.
A security association (SA) is a collection of information that is required to maintain secure communications with a peer.
The following table lists the main parameters that defines a security association
Table 1. Security Association Parameters
Security Association Parameters
IP address of the sender.
IP address of the final destination.
Interface of the security association.
Send or receive type of the security association.
Expiration timer value that is used to collect unused security association data.
Last sequence number that was either sent or accepted (dependent of the direction type).
Source of keys for the configurable parameter.
Key number (returned form the key-source) that was last used.
Specifies the maximum number of authenticated messages that can be received out of order.
Specifies the last window size value sequence number that is received or accepted.
MPLS-TE LSP OOR
The MPLS-TE LSP OOR function adds capability for the RSVP-TE control plane to track the LSP scale of transit routers, so that
it can take a specific set of (pre-configured) actions when threshold limits are crossed, and inform other routers in the
network. MPLS-TE keeps track of the number of transit LSPs set up through the router. The limits do not apply to ingress and
egress LSP routers since they are driven by explicit configuration. In other words, the configuration determines how many
egress or ingress LSPs a router has. For midpoint routers, the number is a function of the topology, the links metrics, and
State Transition Triggers - The LSP OOR state transition is triggered by checking the total transit LSP count and the unprotected count. If either
count crosses the threshold, the state transition is triggered. If both counts cross the limit, the more critical state is
chosen. Each limit will have a value for the Yellow threshold and a value for the Red threshold. When these thresholds are crossed, the configured MPLS-TE LSP OOR actions take effect. Similarly, the transition
to Green state occurs when the LSP numbers drop.
LSP OOR State Dampening - The reason for LSP OOR State Dampening is that the number of accepted LSPs would be at the threshold and once an LSP is
deleted, the state goes back from Red to Yellow, and a new LSP is setup and the state goes back to Red.
The solution is to introduce dampening when there is a state transition from Red to Yellow or from Yellow to Green. Whenever
the transit number of LSPs crosses down a threshold, a timer is started for 10 seconds. After the timer expires, the new state
is computed and moved to it. The timer is stopped if the transit number threshold is crossed (up) again. The transition from
a state to a more severe state is not dampened.
Low and High Priority LSPs - When the LSP OOR is in yellow or red state, new high priority LSPs will not preempt low priority LSPs. Preemption can still
occur but only for bandwidth reasons. In other words, if the router is in Red state where one of the actions is to reject
any new LSP, the new high-priority LSPs are rejected even if there is an established low-priority LSP. The low-priority LSP
is not removed to make room for the high-priority one.
Configuration Limit - Setting the configured limit to a value that is smaller than the current number of LSPs will trigger state transition but
will not cause existing LSPs to be deleted or preempted. Setting the configured limit to a value that is larger than the current
number of LSPs takes the node out of LSP OOR state. When an LSP cannot be admitted due to LSP OOR, the LSRs send Path Error
messages to the LERs.
Event Logging - This is generated when the system transitions across OOR states, such as a resource change into an yellow or red state. Reporting level for Red is critical (1), and for yellow is warning (4). The following example shows that the count has crossed the threshold of 5000.
RP/0/RP1/CPU0:May 15 17:05:48 PDT: te_control: %ROUTING-MPLS_TE-4-LSP_OOR :
Transit LSP resources changed to Yellow.
Total transit: configured threshold 5000; actual count 5001;
Unprotected transit: configured threshold 4294967295; actual count 0
When the resource comes out of OOR, it will report as green.
action accept reopt-lsp
action flood available-bw 20
action admit lsp-min-bw X -- > (in kbps, a lower limit than yellow and red state)
transit-all threshold 75000
action accept reopt-lsp
action flood available-bw 0
action admit lsp-min-bw Y
transit-all threshold 90000
action flood available-bw 0
action admit lsp-min-bw Z
The LSP OOR threshold values are set to yellow as 75000 and red as 90000. When these thresholds are crossed, corresponding
actions are applied to all the TE interfaces.
The default values of the above thresholds are infinite.
When the LSP OOR yellow state is reached, the accept reopt-lsp action, flood available-bw 0 action and admit lsp-min-bw actions are activated. This allows headend routers to reoptimize existing LSPs through, but doesn’t allow new LSPs to get
established. Also, MPLS-TE advertises zero bandwidth out of all interfaces, making this transit router less preferable for
new LSPs. To handle a sudden burst of new LSPs that get signaled, the action admit lsp-min-bw function ensures only a small number of high bandwidth LSPs get provisioned through the affected router. When the red threshold
state is crossed, the flood available-bw 0 and admit lsp-min-bw actions prevent any additional or reoptimized transit LSPs from getting set up through the affected router.