Telecommunications networks employ a wide variety of redundancy mechanisms in order to provide high resource availability. Generally speaking, a redundancy mechanism involves an active device and one or more inactive devices (standbys), and it improves resource availability by switching over to activate an inactive device when the active device fails or is taken out of service for any of a variety of reasons. However, routing and bridging protocol devices are not designed to easily allow a dual or synchronous standby architecture within routers and switches to provide high availability. TCP/IP (Transmission Control Protocol/Internet Protocol), MPLS (Multi-Protocol Label Switching), BGP (Border Gateway Protocol) and OSPF (Open Shortest Path First) are examples of such routing and bridging protocols and are presently in wide use throughout the telecommunications network. The difficulty in implementing redundancy mechanisms in such protocols stems from the fact that such protocols exchange messages over telecommunications paths or connections which span wide geographical areas. Routing information, including setup/teardown of connections, must be constantly updated with the co-operation of many nodes spread over the network. The active device uses such information to control the connections among nodes. When activated, the inactive device must also have the same information to maintain the proper operation of the network. It is desired that no connections are dropped by an activity switch.
One known redundancy technique for addressing process failures involves configuring two or more devices from different vendors in parallel. It is assumed that devices from different vendors are susceptible to different types of failures, such as those that might be caused by an offending message, a hardware fault, or a software fault. This type of redundancy technique is generally expensive due to the inherent cost of the multiple devices and because using equipment from multiple vendors causes additional operation, support, network management, and training costs. Additionally, the technique requires additional messages to be exchanged to move through paths onto tandem devices, if any, thus increasing cost, complexity, and network traffic.
Among the redundancy techniques, some keep the inactive module or device (control card) in cold standby and others keep the inactive control card in hot standby with the active card. In cold standby, an activity switch (switch-over from an active card to an inactive or standby card) requires starting the inactive card from cold. Starting the standby card generally involves discovering routes, connections or paths, loading the routing information and re-establishing connections. These operations flood the network and also take a substantial amount of time, resulting in dropped connections or other undesirable effects. In the hot standby scheme, some or all of the protocol stacks are run by both the active and inactive modules concurrently for at least a certain required period of time so that they both hold the same routing information and other necessary data. An activity switch does not involve discovery of routes, connections or paths before the take-over by the inactive card, but the active and inactive cards must be synchronous with one another so that a hitless (faultless) switch-over can be performed. The synchronization between the two cards in the execution of the protocol stacks is important. Running a protocol stack in identical active and inactive control cards does not necessarily ensure synchrony, because the active card may have additional tasks that the inactive card need not perform. It is also possible that the two cards are of different releases or from different vendors. In such cases, the same protocol stacks may not be executed synchronously, which may result in different decisions being made on the same stimulus.
United States Patent Application No. 20020141429, published on Oct. 3, 2002, Pegrum et al., is entitled “High Availability Packet Forwarding Apparatus and Method”. Its abstract states:
A high availability packet forwarding router for an internet protocol (IP) network, includes two control processors, one or more service termination cards (STCs) with forwarding information bases (FIBs), and a packet forwarding engine. The two processors run asynchronously in a master/standby relationship. Integrity of processes running on the control processors is monitored and the forwarding engine forwards packets according to a FIB maintained by an in-service one of the control processors. Hitless failover and hitless software upgrades are supported.
This application does not address how the control processors are kept in the master/standby relationship, particularly with respect to RSVP, which is part of the MPLS protocol. It is silent about how the two controllers are kept in hot standby to provide control processor protection to a single LSP (Label Switched Path).
Applicant's U.S. patent application Ser. No. 10/350,817, filed on Jan. 24, 2003, entitled “Method and Apparatus for Facilitating Routing Protocol Redundancy in a Network Element” by Kendall Harvey et al., discloses a method and apparatus for synchronizing routing protocol information associated with a plurality of routing modules of a network element. The application describes cases of adding an additional routing module to a network element or switching over to a standby module. One disclosed embodiment facilitates synchronization of redundant routing modules in a network element. In that embodiment, lower layer protocol (e.g., TCP) and higher layer protocol (e.g., BGP) tasks of a first routing module are synchronized with respective lower layer protocol (e.g., TCP) and higher layer protocol (e.g., BGP) tasks of a second routing module. The first routing module and the second routing module are redundant routing modules within a network element. Protocol information (e.g., TCP packets, BGP packets, etc.) that is processed on the first routing module (e.g., an active one of a plurality of redundant routing modules) is similarly processed on the second routing module (e.g., an inactive one of the plurality of redundant routing modules). Accordingly, this arrangement can be called a hot standby scheme in which both modules are kept synchronous because they both run concurrently on all the received messages.
The described technique allows an activity switch without adversely affecting service. For example, after such an activity switch, a newly active routing module (i.e., previously the inactive routing module) processes routing updates that would normally be received by a newly inactive routing module (i.e., previously the active routing module). Furthermore, the newly active routing module does not become out of date with respect to routing information maintained on other network elements. In this manner, the network is not burdened by a burst of updates in response to the activity switch. Limiting the burden of such a burst of updates eliminates “churn” in the routing tables of network elements, thus improving performance of the network. Significantly, service of existing routes is maintained, and change to existing routes, deletion of routes, and addition of routes can continue uninterrupted; the switchover is transparent to neighboring routers. By being transparent to neighboring routers, a technique disclosed herein need not require cooperation of neighboring routers to enable an activity switch. Accordingly, neighboring routers need not be made aware of such an activity switch, nor do they need to support protocol extensions to enable such an activity switch.
As mentioned earlier, running both modules concurrently will not necessarily result in the same decisions being made on the same stimulus. The invention ensures that the active and inactive modules stay synchronized.
The invention will be described in connection with the problem of improving availability in MPLS networks, particularly providing high availability on LSPs that are set up and maintained using RSVP-TE (Resource Reservation Protocol-Traffic Engineering). It should, however, be noted that although the description below deals primarily with an MPLS environment, the concept is equally applicable to any other network architecture that exhibits similar difficulties.
FIG. 1 illustrates the essence of the problems that can be encountered in the network under discussion. In the figure, an MPLS network 10 is shown as an example but, as mentioned earlier, the discussion should apply to similar networks. Nodes 1, 2 and 3 along the path of an LSP 12 continually send and receive messages, e.g., status messages 14, concerning the status of the LSP. Node 2 is shown in more detail as comprising an active card 20 and an inactive card 22, each of which contains a control module including, among other blocks, a block containing an MPLS state machine. When an activity switch 24 occurs from an active control card to an inactive control card in cold standby, the MPLS state machine in the newly active card performs a complete MPLS restart. This causes dropped connections.
FIG. 2 shows the nature of the messaging used for LSPs between two nodes. Each type of messaging consists of exchanges of traffic, e.g., query-response or instruction-acknowledgement. The setup and teardown messaging each happen only once for an LSP, whereas the refresh-related messaging happens often. The problem with a direct implementation of hot standby between the control cards, e.g., by using the protocol hooks, is that with so much messaging it is difficult to maintain synchronization between the cards.
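
The synchronization problem described above (identical protocol logic on both cards, frequent refresh messaging, and an active card that has additional tasks) can be reproduced with a small model. This is an added example, not code from the patent or from any RSVP-TE implementation; the `ControlCard` class, the 10-second lifetime, the label numbering and the message stream are all constructed assumptions.

```python
from dataclasses import dataclass, field

LIFETIME = 10.0  # assumed soft-state lifetime in seconds (constructed value)

# Constructed message stream: (arrival time, kind, LSP id). Setup happens once
# per LSP; refreshes repeat for as long as the LSP exists.
STREAM = [
    (0.0, "SETUP", "lsp-A"), (0.5, "SETUP", "lsp-B"),
    (9.0, "REFRESH", "lsp-A"), (9.5, "REFRESH", "lsp-B"),
    (18.8, "REFRESH", "lsp-A"), (19.4, "REFRESH", "lsp-B"),
]

@dataclass
class ControlCard:
    """Toy control card (hypothetical): LSP id -> (label, time last refreshed)."""
    lsps: dict = field(default_factory=dict)
    next_label: int = 100

    def handle(self, arrival, kind, lsp_id, busy=0.0):
        now = arrival + busy  # 'busy' models time spent on other tasks first
        # Soft state: drop every LSP that has not been refreshed in time.
        for stale in [i for i, (_, seen) in self.lsps.items()
                      if now - seen > LIFETIME]:
            del self.lsps[stale]
        if kind == "TEARDOWN":
            self.lsps.pop(lsp_id, None)
        elif lsp_id in self.lsps:            # refresh of known state
            self.lsps[lsp_id] = (self.lsps[lsp_id][0], now)
        else:                                # unknown LSP: allocate a label
            self.lsps[lsp_id] = (self.next_label, now)
            self.next_label += 1

def run(stream, busy_by_index=None):
    """Feed the whole stream to one card; return {lsp id: label}."""
    card = ControlCard()
    for n, (arrival, kind, lsp_id) in enumerate(stream):
        card.handle(arrival, kind, lsp_id, (busy_by_index or {}).get(n, 0.0))
    return {i: label for i, (label, _) in card.lsps.items()}

def divergence(active, standby):
    """LSPs whose label differs between the two cards."""
    return {i: (active.get(i), standby.get(i))
            for i in sorted(set(active) | set(standby))
            if active.get(i) != standby.get(i)}

if __name__ == "__main__":
    standby = run(STREAM)              # idle card handles messages on arrival
    active = run(STREAM, {4: 0.5})     # active card is 0.5 s late on message 4
    print("active :", active)
    print("standby:", standby)
    print("differs:", divergence(active, standby))
```

Both cards receive the same six messages, yet a single half-second delay on one refresh makes the active card expire and re-create lsp-A under a new label while the standby keeps the original one, so the two hold different state at the moment of an activity switch.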