Hi Huaimo:
Replies are in line….prefaced with DA> <snipped> 1. The alternate backup path would appear to also require the criteria of being link diverse with the FT if the goal is to protect against multiple failures. [HC]: Can you give some more details about this? [DA] There is a bit of a chain of logic I did not well elucidate… If we have an FT sufficient to be complete in the presence of any single failure, AND if we have a multiple failures situation such that the FT has been partitioned, and the information at any node is incomplete, then IMO the heuristic to attempt a blind repair with the highest probability of success is to a. Assume any observed failure is the worst possible class of failure (e.g. node, as if the FT is severed the surrounding nodes will only see one or some of the LSAs associated with the node failure). b. Attempt to restore using links that are not part of the FT as if I assume the probability of multiple failures decreases exponentially in proportion to the number of simultaneous failures, it has a higher probability of success…. On reflection ‘b’ seems too simplistic, and does not reflect that some knowledge of what parts of the FT survive in the partition the node contemplating restoration is in, would be available for decision making. And the fact that the concept of path as a response to the failure scenario being discussed IMO is not realistic (I elaborate a bit below). 2. If node failures are considered, I’m not sure what criteria is used to deem a backup path as useful….. [HC]: Regarding to the failure of a node X on the FT, suppose that there are multiple (i.e., two or more) nodes that were connected to the failed node X through the links on the FT. For each pair of these multiple nodes, a backup path between this pair is computed and enabled for temporary flooding. Thus the backup paths will connect these multiple nodes on the FT, and the FT partition caused by multiple failures including the failure of node X is fixed through the backup paths for the failed node X and the backup paths for the other failures. For example, if the failed node X was connected to two nodes Ri and Rj (assume that Ri’s ID < Rj’s ID) by the links on the FT before node X fails, there is only one pair of nodes: (Ri, Rj). A unique backup path from Ri to Rj is computed and enabled for temporary flooding. This backup path will connect Ri and Rj on the FT and fix the FT partition caused by multiple failures with the backup paths for the other failures. In another example, if the failed node X was connected to three nodes Ri, Rj and Rk (assume that Ri’s ID < Rj’s ID < Rk’s ID) by the links on the FT before node X fails, there are three pairs of nodes: (Ri, Rj), (Ri, Rk) and (Rj, Rk). A unique backup path from Ri to Rj, a unique backup path from Ri to Rk, and a unique backup path from Rj to Rk are computed and enabled for temporary flooding. These three backup paths will connect three nodes Ri, Rj and Rk on the FT, and fix the FT partition caused by multiple failures with the backup paths for the other failures. DA> Again I need to back this up a bit and incorporate a bit more subsequent reflection in my response. What I was referring to blurred two discussions, adding links in response to severing and your post where path establishment seemed to be based on a previously known network state. As observed above, I do not think a restoration strategy focused on a repair path that assumes a link failure will do anything useful for the partitioning scenario under consideration. I also do not see a simple heuristic for a collection of nodes that are blind to the overall state of the FT to create a new path in the FT as a distributed response and where no signaling is involved. I’d assume that is why what is being discussed is to add links temporarily as that is about the only strategy that can work with unilateral decisions by single nodes not acting in a coordinated fashion….If a path is required, a node trying to instantiate a portion of the path cannot depend on its neighbor to independently come to the same conclusion, in fact for an actual repair the opposite is just about guaranteed. I hope that is clearer Dave
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Lsr mailing list [email protected] https://www.ietf.org/mailman/listinfo/lsr
