[pim] [Shepherding AD review] Pre-IETF Last-Call review of draft-ietf-pim-mofrr-tilfa-04

"Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com> Fri, 30 August 2024 07:10 UTC

Return-Path: <gunter.van_de_velde@nokia.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6371C180B44; Fri, 30 Aug 2024 00:10:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.255
X-Spam-Level:
X-Spam-Status: No, score=-2.255 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AwAKJ4SJRVC9; Fri, 30 Aug 2024 00:10:08 -0700 (PDT)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2073.outbound.protection.outlook.com [40.107.249.73]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2B43C151087; Fri, 30 Aug 2024 00:10:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lWH9DPYRRMAKUdlAmWd4BUGbuu6jJ+jozcERzqK3WzOfZa4KqgCenpWz5VhFFosrSnwDKKWGTfBWJgqZdjIbtBpWsnHsVv1Tcqjb5I3zYf8yOuhIen0JScXdeZ0DMDz6pEGSGKqCcyyjjuhIUIJOM6pg3r118y3K2axQzvfsbUxtiBQd5l5zGzsJgJRKD8E292Ydu26SG3bqruDf3bsSwqtEUwTqdUwQCouw9zCeybSrf8JKrw5OFgVRzfWpcSRl1Dx9GjPheY+fTPkXg8s9ESM2PtSQnYCGzu0GaPlmlWUe5EK2d6XlNcdQ5SDYjFa2TjT5lLIdMUt4yPqfNJMoRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=d9mskHAw816bPVOwgPjpa++Wo3fOC6YWeLexYKKj2nY=; b=XXSSV6jZInY7jA0qe2FYVK/01TCvuszP7HwPUzU8rAX2k3A4DUE8QFGwmwfzpBHzcnd8ltB/Ww4xAZidBLRYwvN2jDiFvZ0w73N0Pefo/6fgoiqlTbBqx5LuClxSdwyXO7IfdqpXJSllAB0tQPixHWyOQubw12R3Z2g4Iga4MGICg7uxuZh0WD0qYxzSpgyOMts+rM1e0y/qZMXVT6OMbSdbI/T0H6yQrSIZ9uoC9VPZYEiTT/dwcv+SkrCO07qGgZuO5eroqMxWgE7YxM6vgoE0qG21qHO6ZzTrEuBLIDP+LvupKsEUsczTnb5xC00pA55i8H3twbPffY5CfnMkpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=d9mskHAw816bPVOwgPjpa++Wo3fOC6YWeLexYKKj2nY=; b=qFFq05e36EM99tz0HB561/tu/nTXDE6CYSOiGkLKtWZMytanNSbQUEsFLH0/s34txIhRfvOlE9clC1ipWnacosxAxItlucnCW8pN8M+mbIK63Ba1/uN6MOMREvnIGZ0PB1av3L5Mlw+f0wIZn6zH7lvCtRuCS1RN7asKfd8hHXIKgjc8SScwV8z5PvKM8rNVc4CX6OohE93h2+PUjCX38mWMq/sU87tRJFGE4IjAjlscGYw1E3xQyu6mMKRkVL05PBp6gvIKO4jPiCXbOM7BUco2DvVUX4SBXK96jmf8ENh2EmH5o58M/JV/A88Sv8iq7AEAmFf6wQpkaYllOQKZcg==
Received: from AS1PR07MB8589.eurprd07.prod.outlook.com (2603:10a6:20b:470::16) by PA4PR07MB7536.eurprd07.prod.outlook.com (2603:10a6:102:c5::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.20; Fri, 30 Aug 2024 07:10:01 +0000
Received: from AS1PR07MB8589.eurprd07.prod.outlook.com ([fe80::5ca6:f902:8e31:6f3e]) by AS1PR07MB8589.eurprd07.prod.outlook.com ([fe80::5ca6:f902:8e31:6f3e%7]) with mapi id 15.20.7918.019; Fri, 30 Aug 2024 07:10:01 +0000
From: "Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com>
To: "draft-ietf-pim-mofrr-tilfa@ietf.org" <draft-ietf-pim-mofrr-tilfa@ietf.org>
Thread-Topic: [Shepherding AD review] Pre-IETF Last-Call review of draft-ietf-pim-mofrr-tilfa-04
Thread-Index: Adr6q3q6gbpVwJG8TQmRGvUehX3gfQ==
Date: Fri, 30 Aug 2024 07:10:01 +0000
Message-ID: <AS1PR07MB858937DD986359A8EB7BC450E0972@AS1PR07MB8589.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS1PR07MB8589:EE_|PA4PR07MB7536:EE_
x-ms-office365-filtering-correlation-id: 58bf2460-ecb1-453a-6bee-08dcc8c2c3ba
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018;
x-microsoft-antispam-message-info: rix/qFKn2Z2VqkM/DwNsoEhxdjyeSgME5EV3xzjnUc8SVSje+Nz0DQPBWqvu1QOLVLQFQRYaKPsFj1fWqBc3KylImzWD+GLwBJ195Rwj2ocGuN6ATxjy5oNetgQVYG7s/hCDOKBWOAiqlwoUro8UOZKfqFwBsKzEHWPBTY5iKu35KrTbQNwJe3qFt1/QBKpirbexS4G/1KajBVj8B6xot1/fiw2Y0naehnO0YQFPvaJqSFjazHpqLmg5aeE73XcOqATUyJMq7wsn/OA/YfIVlEKHve8XkCmyBZZ06XC8Rd5GWm92Qz4SFMy9r9RrihGIPoYH5ZeAqL8Aoez1aqnhP/Wx6YPjtODWh2UxOyHbkc6/mltzTxFwXdspWJkMXHQL4YL5ytk9+P8Ieyz+sKA+NG5Qkj9u4y0XfpmgoUe1TeQ/bLaBIRrP95zenlvTWjp5EOWF3sUf8lJSp+5qkO1V43VJrTFjQopKRkYnI71+plRIb4vMkvU1uifZz6jr9qRBq9hDYDiIKvQK6CDi/+XE/8w+4tCcN7vlMimSgZxPLXKHH4hUsuo44pdayVZwD4mzcC1MJ9XuaYrMur9zlSWykBMLf5frmSTaEwYgnzuEIOq09yL8PXTX47WONv+BSlZnYWVcNrQS7bcYdCT3bq7SWZnHsK5XX4RhG9+lwJlU7XMve8B4fvQrulAqEsJYNtATYEtClyX2yr5d3T2R+4GIgPJrPRKBULLOGpDOqLY4f5IHa/OXgtZBA44iqJXOAi9GY6E0mN+e7Vwo3ylFG38Eg1aUio7uYIj3hMtNUAcN3TLQALCPZ87LAcdSF7UGaRZFKPXeE2EmlGsPwwxaTsdalfUT7qkRScs860kscT5mjzQ7Kmhab/8HYqUKGzvkdiSJomGCeoa5WYf3bxx4cIaBxiV6/8fluMQWq/EvvBnZ8LbXgjQj2RnxwlTPvoUNIRxyGsYJrzkE1knOX9KaJ+b3qLGP2Ld+IFwr0vRZHTEoN1U39/SOirc8rXItq855kTBl4LIajg361JtOa4F8CxL2CRwkdb38QLCBHfF4OHHf2RAJ5rC4cmCx5tbu8gd897FtdMG5un+Tsua//rjVPp7GORiIwQsdJkGAaULhmsJOSBGnBkVtxRpbaPYJrCmRnv8pP/1VScO1j/ItKkPeh+l0DJIay388IgdA167eepQAE/vL3XtHJ0GmYFoAuz1+c6WZC4wkZDKsgRW01UAIbseuVacptdjMHuQ/hst6AS68xMGi4ECuLrd7DhW0r5gjMwKvjC86MzNNA7J9odc7w6iU9cQQPeYs7+n6g7uB9g1Z8JGvgZgkntaQD6WXEphL3QN9pbNSgvjLWgPZpdL3XARWa5V5Ycf66yJm3idd+6RaX6Q=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS1PR07MB8589.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: cKJ/OVECwciFThgxUC2bsol5PJ1YXQNIJZHfZXAGU2WpAfKC00PNfhJ3c9B1QpFvrKkz9M14I26TySGnJ6HsnllQDRldrhUpbEbgNZS1k6nnZXPAwhjOudMhoPoeyNXDsNjoFqO54wYQqel4gZ56FQyaHc20UVo0+q0WR+baYyDQxwCxiTa073jRv7r6PYp5wWAD6Pw6rgzkv87Rlm0ORkm6Mkp6qAZk/bPmg3yYAe+awxhdRcLfjTRLOM1gIt37kx5PwEF8d4ZVugEY1PkMZoJyA5wrRvgpSbzRqBQnydQaoJ9t8vbX0lcnykiYQQby3JtYsfDQ6fzYJwK8STcO/7v8YQ6A/w47wO6/Y+5BC9TIC4y/iAdje4COBWoSyfxICsy2BwhUzZjn4UwlM8ixuYA6alyeVdxLdfiY3nodHafUxlR88HjO08jkdJZtYkY+vVN+aNPK+BUFaKaTEONlpgslswHckFPS/wnI3eLmpY5UZaRju/BE4HEKy/QiY5rqSHmY06otbCSuHH4CjcQTvNMjanojT4F4BGSF30wXrbJOxtdsn8l9JYWGhlQ1ndOWExJvQ9MJ9aN8+dYf1VrJYuW9jnWopyOm3cgfrYljykDgYKEoVanaX9dONjwZMS34WHEgDjLBarRgqu51VH8xbSKwpvDuQE3Q6kQEdb8n097MRzTFsQQHbt4Rl3mIXke+aXqOI83YGQBVX+uhAq2aIAVy+8cCWnOL3Nr0+KjXUED8bgyNiuEMc68xWq4u6whmg7UGjD8f0ZtdQ5ZPmJYD4NIXXMN9Ivrf0CXiJzSt5wQWOOeBOVK2Ak0TO6q6jfYOS1GAgf1WBsyXOG76QSK/+VuWGNxx/34ix9Gtakh6+IuxjDSrI+BZBPedCfx+Sc5Dwf3E9pYgyPXbiiIdxXegBYnzOGtqSEyIiI55WbtcB+v+oLZxfNTkMfVP4nFZ1EfZRPRHbUBwWSezXP18+s1yVUODEzu2WFu4XrQyqUuTHVQCjsBof5KDQQOLIOtMgT+DjtsJhz6VS+j0gil6+hh7Db/T8B1PFQ72jSEJExefL7HV+HRAu72euLm2zBXkdZGHj7xasGwNO1CaP7YrWE9ZFsUbHACZ1LoG/WFNbgpHA+kNLhYTtl1I/UjBxfMtVi9szZjVjGgeKG8Ywsl1cssmFd9vdGw6EH7uOvumb0cwU3PXcEV7jTkiL9t2bl0Bg5clDGx73n+vSmCVhd7TRW2nro2YDsW873VdrWVn7WLIxsXQdTgun9Ufld7kqh5pKkcExs7qgaAMH23nlGIsiJtYTUk49WAElMzjvPYCfkX6gsnG/2lLUWLF+DMk0qZ2MkN6NBmaR5cR82VO62TEFBGkHq/siXFRrJtQnw5OQhCjOzuhJ9MUatbve9peBdZZIup92aXPp2wiiUPrgN92KjEjwlzfgSR1CCwKCi2r/7aFjYJ067hiuBjcbDCIUsLbNOUqW4VAHqgQyKc4i1AiABzJRuUrjhpFOBWUTAxY7RKVViUSRVJkcJ4fXVph7R5m/XGcUrKwxQj1NoHtvHChZHljXskEtMkk4YXoy4MJq2uL65vpvvwHi/1Gdt/EJn3CCvnBH+ILerGIwhgYAHtJ9egMkq8ZCmUSzpFTTOnHhvhi7yzU6YWy30VWwVEq7b4CJNJnaF7L44VGpDqme9kF5HjuDA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS1PR07MB8589.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 58bf2460-ecb1-453a-6bee-08dcc8c2c3ba
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Aug 2024 07:10:01.2513 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fUbatVw6tg0xOBF5RRv3dz6ymyCyuXFaHNEJBl7Ol7gwxqR9G5ZEBDF6mGHVSMB30nRoWFIQB5kRwc8bNDadPCw2J91BYuQNqR47Msl9CLM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB7536
Message-ID-Hash: 4KZYWCO5NLDEMVHUL7OO4NR4Q2KPFMOU
X-Message-ID-Hash: 4KZYWCO5NLDEMVHUL7OO4NR4Q2KPFMOU
X-MailFrom: gunter.van_de_velde@nokia.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "pim@ietf.org" <pim@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] [Shepherding AD review] Pre-IETF Last-Call review of draft-ietf-pim-mofrr-tilfa-04
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/CoGmYK4UZHUMOLfhiUXonqXjovI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

# Gunter Van de Velde, RTG AD, comments for draft-ietf-pim-mofrr-tilfa-04

This is a shepherding AD draft review before starting the process of the IETF LC.


#GENERIC COMMENTS
#================
## Many thanks to Stig Venaas for the Shepherd writeup

## idnits spits some warnings and unused references:
https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-pim-mofrr-tilfa-04.txt

## When searching the PIM WG archives there has been very little discussion about this work on the list. 

## The text sturcture and grammar was not always easy to follow. I tried to provide alternate text proposals fixing them. I tried to keep original objective intact

## section 6. Security considerations is rather compact. The solution in the draft uses tunnels and LFA technology and these may have implicit relevant security considerations. I took liberty to add a set of those considerations at the end of this review message to look at and potentially validate against usage in a MoFRR enabled environment.


#DETAILED COMMENTS
#=================
##classified as [minor] and [major]

55	Abstract
56
57	   Multicast-only Fast Reroute (MoFRR) has been defined in RFC7431,
58	   but the selection of the secondary multicast next hop depends on the
59	   loop-free alternate fast reroute, which has restrictions in
60	   multicast deployments. This document describes a mechanism for
61	   Multicast-only Fast Reroute by using Topology Independent Loop-free
62	   Alternate fast reroute, which is independent of network topology and
63	   can achieve the coverage of more network environments.

[minor]
An abstract should be about what is included within this document and be clear about objectives and the procedures. WHat about following alternate abstract:

"
This document specifies the use of Topology Independent Loop-Free Alternate (TI-LFA) mechanisms with Multicast Only Fast ReRoute (MoFRR) for Protocol Independent Multicast (PIM). TI-LFA provides fast reroute protection for unicast traffic in IP networks by precomputing backup paths that avoid potential failures. By integrating TI-LFA with MoFRR, this document extends the benefits of fast reroute mechanisms to multicast traffic, enabling enhanced resilience and minimized packet loss in multicast networks. The document outlines the necessary protocol extensions and operational considerations to implement TI-LFA in conjunction with MoFRR for PIM, ensuring that multicast traffic is rapidly rerouted in the event of a failure.
"

84	1. Introduction
85
86	   As the deployment of video services, operators are paying more and
87	   more attention to solutions that minimize the service disruption due
88	   to faults in the IP network carrying the packets for these services.
89	   Multicast-only Fast Reroute (MoFRR) has been defined in [RFC7431],
90	   which can minimize multicast packet loss in a network when node or
91	   link failures occur by making simple enhancements to multicast
92	   routing protocols such as Protocol Independent Multicast (PIM). But
93	   the selection of the secondary multicast next hop only according to
94	   the loop-free alternate fast reroute in [RFC7431], and there are
95	   limitations in multicast deployments for this mechanism. This
96	   document describes a new mechanism for Multicast-only Fast Reroute
97	   using Topology Independent Loop-free Alternate (TI-LFA) fast
98	   reroute, which is independent of network topology and can achieve
99	   covering more network environments. This document applies to PIM
100	   networks, including scenarios where PIM operates over native IP, as
101	   well as public network multicast trees established by PIM. It covers
102	   scenarios involving RFC 6037 MDT SAFI for MVPN and RFC 6514 (PIM-SSM
103	   Tree, PIM-SM Tree, BIDIR-PIM Tree).

[minor]
proposed rewrite:

"
The increasing deployment of video services has heightened the importance for network operators to implement solutions that minimize service disruptions caused by faults in the IP networks carrying these services. Multicast-only Fast Reroute (MoFRR), as defined in [RFC7431], offers a mechanism to reduce multicast packet loss in the event of node or link failures by introducing simple enhancements to multicast routing protocols, such as Protocol Independent Multicast (PIM). However, the current MoFRR mechanism, which selects the secondary multicast next hop based solely on the loop-free alternate fast reroute defined in [RFC7431], has limitations in certain multicast deployment scenarios.

This document introduces a new mechanism for Multicast-only Fast Reroute using Topology Independent Loop-Free Alternate (TI-LFA) fast reroute. Unlike traditional methods, TI-LFA is independent of network topology, enabling broader coverage across diverse network environments. The applicability of this mechanism extends to PIM networks, including scenarios where PIM operates over native IP, as well as public network multicast trees established by PIM. Additionally, this document addresses scenarios involving RFC 6037 MDT SAFI for Multicast VPN (MVPN) and RFC 6514, covering PIM-SSM Tree, PIM-SM Tree, and BIDIR-PIM Tree deployments.
"

113	 1.2. Terminology
114
115	   This document use the terms defined in [RFC7431], and also use the
116	   concepts defined in [RFC7490]. The specific content of each term is
117	   not described in this document.

[minor]
proposed rewrite:

"
This document utilizes the terminology as defined in [RFC7431] and incorporates the concepts established in [RFC7490]. The definitions of individual terms are not reiterated within this document.
"

119	2. Problem Statement
120
121	 2.1. LFA for MoFRR
122
123	   In [RFC7431] section 3, the secondary Upstream Multicast Hop (UMH)
124	   of PIM for MoFRR is a loop-free alternate (LFA). However, the
125	   traditional LFA mechanism needs to satisfy at least one neighbor
126	   whose next hop to the destination node is an acyclic next hop,
127	   existing limitations in network deployments, and can only cover part
128	   of the network topology environments. In some network topologies,
129	   the corresponding secondary UMH cannot be calculated, so PIM cannot
130	   establish a standby multicast tree and cannot implement MoFRR
131	   protection. Therefore, the current MoFRR of PIM is only available in
132	   the network topology applicable to LFA.
133
134	   The problem of current MoFRR applicability can be illustrated by the
135	   example network shown in Figure 1. The metric of R1-R4 link is 20,
136	   the metric of R5-R6 link is 100, and the metrics of other links are
137	   10.
138
139	   Towards multicast source S1, the primary path of the PIM join packet
140	   is R3->R2->R1, and the secondary path is R3->R4->R1, which is the
141	   same as the LFA path of unicast routing. In this case, the current
142	   MoFRR can work well.
143
144	   Towards multicast source S2, the primary path of the PIM join packet
145	   is R3->R2. However, the LFA does not exist. If R3 sends the packet
146	   to R4, R4 will forward it back to R3, as the IGP shortest path from
147	   R4 to R1 is R4->R3->R2. In this case, the secondary UMH cannot be
148	   calculated by the current MoFRR. Similarly for multicast source S3,
149	   the current MoFRR does not work either.
150
151	            [S1]---(R1)----------(R4)
152	                    |             |
153	                    |             |
154	                    |             |
155	                    |             |             ------+------
156	            [S2]---(R2)----------(R3)---[R]     Link  |Metric
157	                    |             |             ------+------
158	                    |             |             R1-R4 | 20
159	                    |             |             R5-R6 | 100
160	                    |             |             Other | 10
161	            [S3]---(R5)---(R6)---(R7)           ------+------
162
163	                   Figure 1:  Example Network Topology

[minor]
The use of "acyclic next hop" is changed to loop-free as that is terminology most people will be familiar with

[minor]
proposed rewrite:

"
Section 3 of [RFC7431] specifies that the secondary Upstream Multicast Hop (UMH) in PIM for MoFRR is a Loop-Free Alternate (LFA). However, the traditional LFA mechanism requires that at least one neighbor's next hop to the destination node is an loop-free next hop. Due to existing limitations in network deployments, this mechanism only covers certain network topology environments. In specific network topologies, the corresponding secondary UMH cannot be computed, preventing PIM from establishing a standby multicast tree and thus from implementing MoFRR protection. Consequently, the current MoFRR functionality in PIM is applicable only in network topologies where LFA is feasible.

The limitations of the current MoFRR applicability can be illustrated using the example network depicted in Figure 1. In this example, the metric of the R1-R4 link is 20, the metric of the R5-R6 link is 100, and the metrics of the other links are 10.

For multicast source S1, the primary path of the PIM join packet is R3->R2->R1, and the secondary path is R3->R4->R1, which corresponds to the LFA path of unicast routing. In this scenario, the current MoFRR operates effectively.

For multicast source S2, the primary path of the PIM join packet is R3->R2. However, an LFA does not exist. If R3 sends the packet to R4, R4 will forward it back to R3 because the Interior Gateway Protocol (IGP) shortest path from R4 to R1 is R4->R3->R2. In this case, the current MoFRR cannot calculate a secondary UMH. Similarly, for multicast source S3, the current MoFRR mechanism is ineffective.

        [S1]---(R1)----------(R4)
                |             |
                |             |
                |             |
                |             |             ------+------
        [S2]---(R2)----------(R3)---[R]     Link  |Metric
                |             |             ------+------
                |             |             R1-R4 | 20
                |             |             R5-R6 | 100
                |             |             Other | 10
        [S3]---(R5)---(R6)---(R7)           ------+------

        Figure 1: Example Network Topology
"

165	 2.2. RLFA for MoFRR
166
167	   The remote loop-free alternate (RLFA) defined in [RFC7490] is
168	   extended from the LFA and can cover more network deployment
169	   scenarios through the tunnel as an alternate path. The RLFA
170	   mechanism needs to satisfy at least one node assumed to be N in the
171	   network that the fault node is neither on the path from the source
172	   node to the N node, nor on the path from the N node to the
173	   destination node.
174
175	   [RFC5496] defines the RPF Vector attribute that can be carried in
176	   the PIM Join packet such that the path is selected based on the
177	   unicast reachability of the RPF Vector. The secondary multicast tree
178	   of MoFRR can be established by using the combination of RLFA
179	   mechanism and RPF Vector, which would cover more network topologies
180	   than the current MoFRR with LFA.
180
182	   For example, in the network of Figure 1, the secondary path of PIM
183	   join packet towards multicast source S2 cannot be calculated by the
184	   current MoFRR, as mentioned above. Based on the RLFA mechanism, R3
185	   sends the packet to R4 along with an RPF Vector containing the IP
186	   address of R1, which is the PQ node of R3 with respect to the
187	   protected link R2-R3. Then R4 will forward the packet to R1 through
188	   the link R1-R4, according to the unicast route for the RPF Vector.
189	   R1 continues to forward the packet to R2, and the secondary path,
190	   R3->R4->R1->R2, is established by MoFRR with RLFA.

[minor]
proposed rewrite:

"
The Remote Loop-Free Alternate (RLFA), as defined in [RFC7490], extends the traditional LFA mechanism, allowing it to accommodate a broader range of network deployment scenarios by utilizing a tunnel as an alternate path. The RLFA mechanism requires that there exists at least one node, denoted as node N, in the network where the fault node is neither on the path from the source node to node N nor on the path from node N to the destination node.

[RFC5496] introduces the RPF Vector attribute, which can be included in the PIM Join packet to ensure that the path is selected based on the unicast reachability of the RPF Vector. By combining the RLFA mechanism with the RPF Vector, the secondary multicast tree for MoFRR can be established, thereby supporting a wider range of network topologies compared to the current MoFRR implementation with LFA.

For instance, in the network illustrated in Figure 1, the secondary path for the PIM Join packet towards multicast source S2 cannot be computed by the current MoFRR, as previously described. Utilizing the RLFA mechanism, R3 sends the packet to R4, including an RPF Vector containing the IP address of R1, which serves as the PQ node of R3 with respect to the protected R2-R3 link. Subsequently, R4 forwards the packet to R1 via the R1-R4 link, in accordance with the unicast route associated with the RPF Vector. R1 then continues to forward the packet to R2, thereby establishing the secondary path, R3->R4->R1->R2, using MoFRR with RLFA.
"

192	 2.3. TI-LFA for MoFRR
193
194	   However, RLFA is also topology dependent. In the network of Figure
195	   1, towards multicast source S3, the primary path of the PIM join
196	   packet is R3->R2->R5, but the RLFA path does not exist. This is
197	   because the PQ node of R3 with respect to the protected link R2-R3
198	   does not exist. If R3 sends the packet to R7 along with an RPF
199	   Vector containing the IP address of R5, R7 will forward it back to
200	   R3, since the IGP shortest path from R7 to R5 is R7->R3->R2->R5. Or,
201	   if R3 sends the packet to R7 along with an RPF Vector containing the
202	   IP address of R6, R7 will forward it to R6, but then R6 will forward
203	   it back to R7, since the IGP shortest path from R6 to R5 is
204	   R6->R7->R3->R2->R5. In this case, the secondary UMH cannot be
205	   calculated by MoFRR with RLFA.
206
207	   RLFA only has enhancement compared to LFA but still has limitations.
208	   [I-D.ietf-rtgwg-segment-routing-ti-lfa] defines a unicast FRR
209	   solution based on the TI-LFA mechanism. The TI-LFA mechanism can
210	   express the backup path with an explicit path, and has no constraint
211	   on the topology, providing a more reliable FRR mechanism. The
212	   unicast traffic can be forwarded according to the explicit path list
213	   as an alternate path to implement unicast traffic protection, and
214	   can achieve full coverage of various networking environments.
215
216	   The alternate path provided by the TI-LFA mechanism is actually a
217	   Segment List, including the NodeSID of P space node and the
218	   Adjacency SID(s) of link(s) between the P space and the Q space. PIM
219	   can look up the corresponding node IP address in the unicast route
220	   according to the NodeSID, and the IP addresses of the two endpoints
221	   of the corresponding link in the unicast route according to the
222	   Adjacency SIDs, but the multicast protocol packets cannot be
223	   directly sent along the path of the Segment List.
224
225	   PIM join messages need to be sent hop-by-hop to establish a standby
226	   multicast tree. However, not all of the nodes and links on the
227	   unicast alternate path are included in the Segment List. If the PIM
228	   protocol packets are transmitted only in unicast mode, then
229	   equivalently the PIM packets are transmitted through the unicast
230	   tunnel like unicast traffic, and cannot pass through the
231	   intermediate nodes of the tunnel. The intermediate nodes of the
232	   alternate path cannot forward multicast traffic because there are no
233	   PIM state entries on the nodes. PIM needs to create entries on the
234	   device hop-by-hop and generate an incoming interface and an outgoing
235	   interface list. So, it can form an end-to-end complete multicast
236	   tree for forwarding multicast traffic. Therefore, simply sending PIM
237	   join packets with the Segment List, like the unicast traffic, cannot
238	   establish a standby multicast tree.

[minor]
proposed rewrite:

"
While RLFA provides enhanced capabilities over LFA, it remains dependent on the network topology. In the network depicted in Figure 1, the primary path of the PIM Join packet towards multicast source S3 is R3->R2->R5. However, an RLFA path does not exist because the PQ node of R3 with respect to the protected link R2-R3 is absent. If R3 sends the packet to R7 with an RPF Vector containing the IP address of R5, R7 will forward it back to R3, as the IGP shortest path from R7 to R5 is R7->R3->R2->R5. Similarly, if R3 sends the packet to R7 with an RPF Vector containing the IP address of R6, R7 will forward it to R6, but R6 will then forward it back to R7, as the IGP shortest path from R6 to R5 is R6->R7->R3->R2->R5. In this scenario, MoFRR with RLFA is unable to compute a secondary UMH.

RLFA offers improvements over LFA but still has inherent limitations. [I-D.ietf-rtgwg-segment-routing-ti-lfa] defines a unicast FRR solution based on the TI-LFA mechanism. The TI-LFA mechanism allows the expression of a backup path using an explicit path and imposes no constraints on the network topology, thus providing a more robust FRR mechanism. Unicast traffic can be forwarded according to an explicit path list as an alternate path to protect unicast traffic, achieving full coverage across various network environments.

The alternate path provided by the TI-LFA mechanism is represented as a Segment List, which includes the NodeSID of the P-space node and the Adjacency SIDs of the links between the P-space and Q-space nodes. PIM can look up the corresponding node IP address in the unicast route according to the NodeSID and the IP addresses of the endpoints of the corresponding link in the unicast route according to the Adjacency SIDs. However, multicast protocol packets cannot be directly forwarded along the path of the Segment List.

To establish a standby multicast tree, PIM Join messages need to be transmitted hop-by-hop. However, not all nodes and links on the unicast alternate path are included in the Segment List. If PIM protocol packets are transmitted solely in unicast mode, they effectively traverse the unicast tunnel like unicast traffic and do not pass through the intermediate nodes of the tunnel. Consequently, the intermediate nodes on the alternate path cannot forward multicast traffic because they lack PIM state entries. PIM must create entries on each device hop-by-hop, generating an incoming interface and an outgoing interface list, to form a complete end-to-end multicast tree for forwarding multicast traffic. Therefore, simply sending PIM Join packets using the Segment List, as done with unicast traffic, is insufficient to establish a standby multicast tree.
"

240	3. Solution
241
242	   A secondary Upstream Multicast Hop (UMH) is a candidate next-hop
243	   that can be used to reach the root of the tree.  In this document
244	   the secondary UMH is based on unicast routing to find the Segment
245	   List calculated by TI-LFA.
246
247	   In principle, the path information of the Segment List is added to
248	   the PIM packets to guide the hop-by-hop RPF selection. The IP
249	   address of the node corresponding to the Node SID can be used as the
250	   segmented root node, and the IP addresses of the interfaces at both
251	   endpoints of the link corresponding to the Adjacency SID can be used
252	   directly as the local upstream interface and upstream neighbor.
253
254	   For the PIM protocol, the PIM RPF Vector attribute was defined in
255	   [RFC5496], which can carry the node IP address corresponding to the
256	   Node SID. The explicit RPF Vector was defined in [RFC7891], which
257	   can carry the peer IP address corresponding to the Adjacency SID.
258
259	   This document can use the above two RPF Vector standards and does
260	   not need to extend the PIM protocol, to establish the standby
261	   multicast tree according to the Segment List calculated by TI-LFA,
262	   and can achieve full coverage of various networking environments for
263	   MoFRR protection of multicast services.
264
265	   Assume that the Segment List calculated by TI-LFA is (NodeSID(A),
266	   AdjSID(A-B)). Node A belongs to the P Space, and node B belongs to
267	   the Q space. The IP address corresponding to NodeSID(A) can be
268	   looked up in the local link state database of the IGP protocol, and
269	   can be assumed to be IP-a. The IP addresses of the two endpoints of
270	   the link corresponding to AdjSID(A-B) can also be looked up in the
271	   local link state database of the IGP protocol, and can be assumed to
272	   be IP-La and IP-Lb.
273
274	   In the procedure of PIM, IP-a can be regarded as the normal RPF
275	   Vector Attribute and added to the PIM join packet. IP-La can be
276	   regarded as the local address of the incoming interface, and IP-Lb
277	   can be regarded as the address of the upstream neighbor. So IP-Lb
278	   can be added to the PIM join packet as the explicit RPF Vector
279	   Attribute.
280
281	   The PIM protocol firstly can select the RPF incoming interface and
282	   upstream towards IP-a, and can join hop-by-hop to establish the PIM
283	   standby multicast tree until the node A. On the node A, IP-Lb can be
284	   regarded as the PIM upstream neighbor. The node A can find the
285	   incoming interface in the unicast routing table according to the IP-
286	   Lb, and IP-Lb is used as the RPF upstream address of the PIM join
287	   packet to the node B.
288
289	   After the PIM join packet is received on the node B, the PIM
290	   protocol can find no more RPF Vector Attributes and select the RPF
291	   incoming interface and upstream towards the multicast source
292	   directly, and then can continue to join hop-by-hop to establish the
293	   PIM standby multicast tree until the router directly connected the
294	   source.

[minor]
proposed rewrite:

"
A secondary Upstream Multicast Hop (UMH) serves as a candidate next-hop that can be used to reach the root of the multicast tree. In this document, the secondary UMH is derived from unicast routing, utilizing the Segment List computed by TI-LFA.

In essence, the path information from the Segment List is incorporated into the PIM packets to guide hop-by-hop Reverse Path Forwarding (RPF) selection. The IP address corresponding to the Node SID can be used as the segmented root node, while the IP addresses of the interfaces at both endpoints of the link associated with the Adjacency SID can be directly used as the local upstream interface and upstream neighbor.

For the PIM protocol, [RFC5496] defines the PIM RPF Vector attribute, which can carry the node IP address corresponding to the Node SID. Additionally, [RFC7891] defines the explicit RPF Vector, which can carry the peer IP address corresponding to the Adjacency SID.

This document leverages the existing RPF Vector standards, obviating the need for PIM protocol extensions. This approach allows the establishment of a standby multicast tree based on the Segment List calculated by TI-LFA, thereby providing comprehensive MoFRR protection for multicast services across diverse network environments.

Consider a Segment List calculated by TI-LFA as (NodeSID(A), AdjSID(A-B)). Node A belongs to the P space, and node B belongs to the Q space. The IP address corresponding to NodeSID(A) can be retrieved from the local link-state database of the IGP protocol and assumed to be IP-a. Similarly, the IP addresses of the two endpoints of the link corresponding to AdjSID(A-B) can also be retrieved from the local link-state database and assumed to be IP-La and IP-Lb.

Within the PIM process, IP-a is treated as the standard RPF Vector Attribute and added to the PIM Join packet. IP-La is considered the local address of the incoming interface, and IP-Lb is regarded as the address of the upstream neighbor. Consequently, IP-Lb can be included in the PIM Join packet as the explicit RPF Vector Attribute.

The PIM protocol initially selects the RPF incoming interface and upstream neighbor towards IP-a and proceeds hop-by-hop to establish the PIM standby multicast tree until reaching node A. At node A, IP-Lb is treated as the PIM upstream neighbor. Node A identifies the incoming interface in the unicast routing table based on IP-Lb, and IP-Lb is used as the RPF upstream address for the PIM Join packet directed towards node B.

Upon receiving the PIM Join packet at node B, the PIM protocol, finding no additional RPF Vector Attributes, selects the RPF incoming interface and upstream neighbor towards the multicast source directly. The protocol then continues hop-by-hop to establish the PIM standby multicast tree, extending to the router directly connected to the source.
"

296	4. Illustration
297
298	   This section provides an illustration of MoFRR based on TI-LFA. The
299	   example topology is shown in Figure 2. The metric of R3-R4 link is
300	   100, and the metrics of other links are 10. All the link metrics are
301	   bidirectional.
302
303	                     <-----Priamry Path--- (S,G) Join
304
305	             [S]---(R1)---(R2)******(R6)-------[R]
306	                            |        |
307	                     <---   |        |   |
308	                        |   |        |   |
309	                        |   |       (R5) |
310	                        |   |        |   |
311	                        |   |        |   |
312	                        |   |        |   |
313	                        | (R3)------(R4) |
314	                        |                |
315	                        --Secondary Path--
316
317	                    Figure 2:  Example Topology
318
319	   The IP addresses and SIDs, which may be involved in the MoFRR
320	   calculation, are configured as following:
321
322	   IPv4 Data Plane (MPLS-SR)
323
324	     Node    IP Address   Node SID
325	     R4      IP4-R4       Label-R4
326
327	     Link    IP Address   Adjacency SID
328	     R3->R4  IP4-R3-R4    Label-R3-R4
329	     R4->R3  IP4-R4-R3    Label-R4-R3
330
331	   IPv6 Data Plane (SRv6)
332
333	     Node    IP Address   Node SID (End)
334	     R4      IP6-R4       SID-R4
335
336	     Link    IP Address   Adjacency SID (End.X)
337	     R3->R4  IP6-R3-R4    SID-R3-R4
338	     R4->R3  IP6-R4-R3    SID-R4-R3
339
340	   The primary path of the PIM join packet is R6->R2->R1, and the
341	   secondary path is R6->R5->R4->R3->R2->R1. However, the traditional
342	   LFA does not work properly for the secondary path, because the
343	   shortest path to R2 from R5 (or from R4) still goes through R6-R2
344	   link. In this case, R6 needs to calculate the secondary UMH using
345	   the proposed MoFRR method based on TI-LFA.
346
347	   According to the TI-LFA algorithm, P-Space and Q-Space are shown in
348	   Figure 3. The TI-LFA repair path consists of the Node SID of R4 and
349	   the Adjacency SID of R4->R3. On MPLS-SR data plane, the repair
350	   segment list is (Label-R4, Label-R4-R3). On SRv6 data plane, the
351	   repair segment list is (SID-R4, SID-R4-R3).
352
353	                           ........
354	                           .      .
355	                 [S]---(R1)---(R2)******(R6)---[R]
356	                           .   |  .     |
357	                           .   |  .  +++|++++
358	                           .   |  .  +  |   +
359	                           .   |  .  + (R5) +
360	                           .   |  .  +  |   +
361	                           .   |  .  +  |   +
362	                           .   |  .  +  |   +
363	                           . (R3)------(R4) +
364	                           .      .  +      +
365	                           ........  ++++++++
366	                           Q-Space    P-Space
367
368	                   Figure 3:  P-Space and Q-Space
369
370	   In the procedure of PIM, the IP addresses associated with the repair
371	   segment list are looked up in the IGP link state database.
372
373	   On IPv4 data plane, the Node SID Label-R4 corresponds to IP4-R4,
374	   which will be carried in the RPF Vector Attribute. The Adjacency SID
375	   Label-R4-R3 corresponds to local address IP4-R4-R3 and remote peer
376	   address IP4-R3-R4, and IP4-R3-R4 will be carried in the Explicit RPF
377	   Vector Attribute.
378
379	   On IPv6 data plane, the End SID SID-R4 corresponds to IP6-R4, which
380	   will be carried in the RPF Vector Attribute. The End.X SID SID-R4-R3
381	   corresponds to local address IP6-R4-R3 and remote peer address IP6-
382	   R3-R4, and IP6-R3-R4 will be carried in the Explicit RPF Vector
383	   Attribute.
384
385	   Then, R6 installs the secondary UMH with these RPF Vectors.
386
387	             +---------+
388	             |Type = 0 |
389	             |IP4-R4   |
390	             +---------+    +---------+
391	             |Type = 4 |    |Type = 4 |
392	             |IP4-R3-R4|    |IP4-R3-R4|
393	             +---------+    +---------+   No RPF Vector
394
395	          R6----->R5---->R4------------>R3----->R2---->R1
396
397	    Figure 4:  Forwarding PIM Join Packet along Secondary Path (IPv4)
398
399	   On IPv4 data plane, the forwarding of PIM join packet along the
400	   secondary path is shown in Figure 4.
401
402	   R6 inserts two RPF Vector Attributes in the PIM join packet, which
403	   are IP4-R4 of Type 0 (RPF Vector Attribute) and IP4-R3-R4 of Type 4
404	   (Explicit RPF Vector Attribute). Then R6 forwards the packet along
405	   the secondary path.
406
407	   When R5 receives the packet, R5 performs a unicast route lookup of
408	   the first RPF Vector IP4-R4 and sends the packet to R4.
409
410	   R4 is the owner of IP4-R4, so it removes the first RPF Vector from
411	   the packet and forwards according to the following RPF Vector. R4
412	   sends the packet to R3 according to the next RPF Vector IP4-R3-R4,
413	   since its PIM neighbor R3 corresponds to IP4-R3-R4.
414
415	   When R3 receives the packet, as the owner of IP4-R3-R4, it removes
416	   the RPF Vector. Then the packet has no RPF Vector, and will be
417	   forwarded to the source through R3->R2->R1 according to unicast
418	   routes.
419
420	   After the PIM join packet reaches R1, a secondary multicast tree,
421	   R1->R2->R3->R4->R5->R6, is established hop-by-hop for (S, G) by
422	   MoFRR based on TI-LFA.
423
424	             +---------+
425	             |Type = 0 |
426	             |IP6-R4   |
427	             +---------+    +---------+
428	             |Type = 4 |    |Type = 4 |
429	             |IP6-R3-R4|    |IP6-R3-R4|
430	             +---------+    +---------+   No RPF Vector
431
432	          R6----->R5---->R4------------>R3----->R2---->R1
433
434	    Figure 5:  Forwarding PIM Join Packet along Secondary Path (IPv6)
435
436	   On IPv6 data plane, the forwarding of PIM join packet along the
437	   secondary path is shown in Figure 5. The procedure is similar with
438	   IPv4 data plane.

[minor]
proposed rewrite:

"
This section provides an illustration of MoFRR based on TI-LFA. The example topology is depicted in Figure 2. The metric for the R3-R4 link is 100, while the metrics for the other links are 10. All link metrics are bidirectional.

                     <-----Primary Path--- (S,G) Join

             [S]---(R1)---(R2)******(R6)-------[R]
                            |        |
                     <---   |        |   |
                        |   |        |   |
                        |   |       (R5) |
                        |   |        |   |
                        |   |        |   |
                        |   |        |   |
                        | (R3)------(R4) |
                        |                |
                        --Secondary Path--

                    Figure 2: Example Topology

The IP addresses and Segment Identifiers (SIDs) involved in the MoFRR calculation are configured as follows:

   IPv4 Data Plane (MPLS-SR)

     Node    IP Address   Node SID
     R4      IP4-R4       Label-R4

     Link    IP Address   Adjacency SID
     R3->R4  IP4-R3-R4    Label-R3-R4
     R4->R3  IP4-R4-R3    Label-R4-R3

   IPv6 Data Plane (SRv6)

     Node    IP Address   Node SID (End)
     R4      IP6-R4       SID-R4

     Link    IP Address   Adjacency SID (End.X)
     R3->R4  IP6-R3-R4    SID-R3-R4
     R4->R3  IP6-R4-R3    SID-R4-R3

The primary path of the PIM Join packet is R6->R2->R1, and the secondary path is R6->R5->R4->R3->R2->R1. However, the traditional LFA does not function properly for the secondary path because the shortest path to R2 from R5 (or from R4) still traverses the R6-R2 link. In this scenario, R6 must calculate the secondary UMH using the proposed MoFRR method based on TI-LFA.

According to the TI-LFA algorithm, the P-space and Q-space are illustrated in Figure 3. The TI-LFA repair path consists of the Node SID of R4 and the Adjacency SID of R4->R3. On the MPLS-SR data plane, the repair segment list is (Label-R4, Label-R4-R3). On the SRv6 data plane, the repair segment list is (SID-R4, SID-R4-R3).

                           ........
                           .      .
                 [S]---(R1)---(R2)******(R6)---[R]
                           .   |  .     |
                           .   |  .  +++|++++
                           .   |  .  +  |   +
                           .   |  .  + (R5) +
                           .   |  .  +  |   +
                           .   |  .  +  |   +
                           .   |  .  +  |   +
                           . (R3)------(R4) +
                           .      .  +      +
                           ........  ++++++++
                           Q-Space    P-Space

                   Figure 3: P-Space and Q-Space

In the PIM process, the IP addresses associated with the repair segment list are retrieved from the IGP link-state database.

On the IPv4 data plane, the Node SID Label-R4 corresponds to IP4-R4, which will be carried in the RPF Vector Attribute. The Adjacency SID Label-R4-R3 corresponds to the local address IP4-R4-R3 and the remote peer address IP4-R3-R4, with IP4-R3-R4 carried in the Explicit RPF Vector Attribute.

On the IPv6 data plane, the End SID SID-R4 corresponds to IP6-R4, which will be carried in the RPF Vector Attribute. The End.X SID SID-R4-R3 corresponds to the local address IP6-R4-R3 and the remote peer address IP6-R3-R4, with IP6-R3-R4 carried in the Explicit RPF Vector Attribute.

Subsequently, R6 installs the secondary UMH using these RPF Vectors.

             +---------+
             |Type = 0 |
             |IP4-R4   |
             +---------+    +---------+
             |Type = 4 |    |Type = 4 |
             |IP4-R3-R4|    |IP4-R3-R4|
             +---------+    +---------+   No RPF Vector

          R6----->R5---->R4------------>R3----->R2---->R1

        Figure 4: Forwarding PIM Join Packet along Secondary Path (IPv4)

On the IPv4 data plane, the forwarding of the PIM Join packet along the secondary path is shown in Figure 4.

R6 inserts two RPF Vector Attributes in the PIM Join packet: IP4-R4 of Type 0 (RPF Vector Attribute) and IP4-R3-R4 of Type 4 (Explicit RPF Vector Attribute). R6 then forwards the packet along the secondary path.

When R5 receives the packet, it performs a unicast route lookup of the first RPF Vector IP4-R4 and sends the packet to R4.

R4, being the owner of IP4-R4, removes the first RPF Vector from the packet and forwards it according to the next RPF Vector. R4 sends the packet to R3 based on the next RPF Vector IP4-R3-R4, as its PIM neighbor R3 corresponds to IP4-R3-R4.

When R3 receives the packet, as the owner of IP4-R3-R4, it removes the RPF Vector. The packet, now devoid of RPF Vectors, is forwarded to the source through R3->R2->R1 based on unicast routes.

After the PIM Join packet reaches R1, a secondary multicast tree, R1->R2->R3->R4->R5->R6, is established hop-by-hop for (S, G) using MoFRR based on TI-LFA.

             +---------+
             |Type = 0 |
             |IP6-R4   |
             +---------+    +---------+
             |Type = 4 |    |Type = 4 |
             |IP6-R3-R4|    |IP6-R3-R4|
             +---------+    +---------+   No RPF Vector

          R6----->R5---->R4------------>R3----->R2---->R1

        Figure 5: Forwarding PIM Join Packet along Secondary Path (IPv6)

On the IPv6 data plane, the forwarding of the PIM Join packet along the secondary path is illustrated in Figure 5. The procedure is analogous to that of the IPv4 data plane.

444	6. Security Considerations
445
446	   This document does not change the security properties of PIM. For
447	   general PIM-SM protocol Security Considerations, see [RFC7761].

[major]
When deploying TILFA the packet may be sent over nodes and links it was not transported before, opening security issues. 

for example have a look at following LFA security considerations. Maybe some of these influence and have  relevance when applied to MoFRR:


1. Spoofing and False Route Advertisements

* LFA/R-LFA/TI-LFA Dependencies on Routing Information:

  - LFAs depend on accurate routing information to determine alternate paths. If an attacker can inject false routing information (e.g., by spoofing link-state advertisements), it could cause the network to select suboptimal or malicious paths for LFAs.

  - R-LFA and TI-LFA also depend on accurate routing information, particularly for determining the tunneling paths or explicit paths. False route advertisements could mislead the network into using insecure or compromised paths.

2. Man-in-the-Middle (MitM) Attacks

* Use of Alternate Paths:

  - By rerouting traffic through alternate paths, especially those that traverse multiple hops (as in R-LFA and TI-LFA), the risk of MitM attacks increases if any of the intermediate routers on the alternate path are compromised.

  - TI-LFA, which uses explicit paths, might expose traffic to routers that were not originally in the primary path, potentially allowing for interception or alteration of the traffic.

3. Confidentiality and Integrity

* Traffic Encapsulation:

  - R-LFA and TI-LFA involve encapsulating traffic, which may expose it to vulnerabilities if the encapsulation mechanisms are not secure. For instance, if IPsec or another secure encapsulation method is not used, an attacker might be able to intercept or alter the traffic in transit.

* Protection of Explicit Paths:

  - TI-LFA relies on explicit paths that are typically defined using segment routing. If these paths are not properly protected, an attacker could manipulate the segment list to reroute traffic through malicious nodes.

4. Increased Attack Surface

* Extended Topology:

  - By introducing LFAs, R-LFAs, and TI-LFAs, the network increases its reliance on additional routers and links, thereby expanding the potential attack surface. Compromise of any router in these alternate paths could expose traffic to unauthorized access or disruption.

5. Complexity and Configuration Errors

* Misconfigurations:

  - The complexity of configuring LFAs, R-LFAs, and TI-LFAs increases the risk of misconfigurations, which could inadvertently create security vulnerabilities, such as routing loops or the selection of insecure paths.

* Overhead and Resource Exhaustion:

  - The additional overhead introduced by encapsulation in R-LFA and the use of segment routing in TI-LFA can be exploited by attackers to exhaust network resources, such as CPU and memory, on routers.

6. Trust Model

* Trust in Routing Infrastructure:

  - The security of LFA, R-LFA, and TI-LFA mechanisms relies heavily on the trustworthiness of the underlying routing infrastructure. If the control plane is compromised (e.g., through route poisoning), the alternate paths selected by these mechanisms could lead to traffic being routed through untrusted or compromised parts of the network.

7. Securing the Routing Protocols

* Use of Secure Routing Protocols:

  - To mitigate the risks associated with false route advertisements and MitM attacks, it is recommended to use secure routing protocols (e.g., OSPFv3 with IPsec, or ISIS HMAC-SHA256 ) that provide authentication and integrity protection for routing updates.

8. Monitoring and Detection

* Anomaly Detection:

  - Implementing monitoring and anomaly detection mechanisms can help identify when traffic is being rerouted in unexpected ways, which could indicate a security issue with LFA, R-LFA, or TI-LFA mechanisms.



"