Contents

Introduction
Prerequisites
Requirements
Components Used
Configure
Background Information
Terminology
Network Diagram
Configurations
R1
R2
R3
R4
R5
R6
Understanding MPLS-Remote-LFA Tunnel Functionality
Verify

Introduction

This document describes how the Remote Loop-Free Alternate (LFA) mechanism provides fast reroute of traffic in an MPLS-enabled network. Remote LFA provides a mechanism where, if a direct loop-free alternate path is not available, traffic can be tunneled to a remote node that can still deliver it to the end destination within a 50 millisecond turnaround time.

Prerequisites

Requirements

Cisco recommends that you have knowledge of OSPFv2 and MPLS.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Background Information

In today's fast-paced networks, any disruption, even for a few seconds, can hamper sensitive applications. If a node or link fails along the primary path, packets can be dropped until routing protocols like OSPF, ISIS, and EIGRP converge. Unlike EIGRP, link-state protocols like OSPF and ISIS have no mechanism to proactively precompute a backup route that can be used if the primary route fails.

Directly connected lfa and remote lfa are two mechanisms used in conjunction with OSPF and ISIS to have a backup route/path in place. This backup path is used when the primary route fails, and only until OSPF or ISIS re-converges. This helps to deliver packets to the destination while OSPF or ISIS is converging.

Consider the diagram shown below. The links are marked with their respective OSPF costs.
Cost to reach 10.6.6.6 from R1 is 21 and its primary path is R1 -> R5 -> R6.

    R1 -> R5 -> R6 -> Loopback0     // OSPF cost 21

When R2 is checked against the direct lfa inequalities, it does not pass them and therefore fails to provide a direct loop free alternate path for 10.6.6.6.

    D(N,D) < D(N,S) + D(S,D)        // Link Protection
    41 < 10 + 21                    // Inequality fails

Since R2 does not pass the basic condition needed to provide a direct loop free alternate path, R2 cannot serve as a backup path in the event of failure of the R1-R5 link. For more details on direct lfa, please refer to .

However, if during the R1-R5 failure traffic from R1 can be tunneled to R3, an alternate backup path can be achieved. This mechanism of tunneling packets to a remote node that can provide a loop free alternate path is called remote lfa. Packets sent to R3 via the tunnel are forwarded to R6 without any obstruction, because the failed link R1-R5 is not on R3's primary path to reach 10.6.6.6.

The tunnel built is an MPLS LDP tunnel, so it requires LDP to be enabled in the environment. Direct lfa is also a prerequisite for running remote lfa; without it the LDP tunnel would not come up.

Terminology

A few terms are used with remote-lfa; they are explained below.

● P Space - This defines the set of other routers R1 can reach without traversing the failed link. This requires the shortest path tree algorithm (SPT) to be run with its root at R1. For example, in the above topology, the P space of R1 would be R2 and R3.
● Q Space - This defines the set of routers that can reach R5 without traversing the failed link. This requires an SPT to be run rooted at R5. So the Q space of R5 would be R3 and R4.
● PQ node - This is the node which is common to both P and Q space. In the above case R3 is common and is selected as the PQ node, also known as the release node. This is the node where the remote lfa tunnel is terminated. There could be multiple such PQ nodes, however only one is selected as per the algorithm.
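The P space, Q space and PQ node defined above can be computed with two SPF runs, one rooted at each end of the protected link. The following is an added example, not Cisco's implementation and not part of the original document; the topology and the uniform link cost of 10 are assumptions (the diagram is not reproduced here), chosen to be consistent with the metrics quoted in the text.

```python
import heapq

# Assumed topology and costs (the page's diagram is not available).
LINKS = {("R1", "R2"): 10, ("R2", "R3"): 10, ("R3", "R4"): 10,
         ("R4", "R5"): 10, ("R1", "R5"): 10, ("R5", "R6"): 10}

def graph(links):
    """Build a symmetric adjacency map from undirected link costs."""
    g = {}
    for (a, b), cost in links.items():
        g.setdefault(a, {})[b] = cost
        g.setdefault(b, {})[a] = cost
    return g

def spf(g, root):
    """Dijkstra: shortest distance from root to every reachable node."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, cost in g[node].items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def pq_nodes(links, s, e):
    """Return (P space of s, Q space of e, PQ nodes) for protected link s-e.

    A node is excluded as soon as any shortest path (ECMP included) would
    cross s-e, which is what the strict '<' in each test expresses.
    Link costs are symmetric here, so dist(n, e) == dist(e, n).
    """
    g = graph(links)
    from_s, from_e = spf(g, s), spf(g, e)
    link = g[s][e]
    others = [n for n in g if n not in (s, e)]
    p = {n for n in others if from_s[n] < link + from_e[n]}
    q = {n for n in others if from_e[n] < link + from_s[n]}
    return p, q, p & q

if __name__ == "__main__":
    p, q, pq = pq_nodes(LINKS, "R1", "R5")
    print("P space:", sorted(p), "Q space:", sorted(q), "PQ:", sorted(pq))
```

R6 also passes the Q space test because it sits behind R5; the list in the text names only R3 and R4, and the intersection with the P space is R3 either way.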
Network Diagram

Configurations

All prefixes are first checked against direct loop free alternate path availability for protection. Prefixes that do not have a direct lfa protection would be considered for remote lfa protection.

Commands to enable directly connected lfa:

    fast-reroute per-prefix enable area 0 prefix-priority high
    fast-reroute keep-all-paths

Command to enable remote lfa:

    fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp

R1

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.12.1 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     no ip address
    !
    interface Ethernet0/2
     ip address 10.0.15.1 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

R2

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.12.2 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     ip address 10.0.23.2 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

R3

    interface Loopback0
     ip address 10.3.3.3 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.34.3 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     ip address 10.0.23.3 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

R4

    interface Loopback0
     ip address 10.4.4.4 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.34.4 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     ip address 10.0.45.4 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

R5

    interface Loopback0
     ip address 10.5.5.5 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.56.5 255.255.255.0
    !
    interface Ethernet0/1
     ip address 10.0.45.5 255.255.255.0
     mpls ip
    !
    interface Ethernet0/2
     ip address 10.0.15.5 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

R6

    interface Loopback0
     ip address 10.6.6.6 255.255.255.0
    !
    interface Ethernet0/0
     ip address 10.0.56.6 255.255.255.0
     mpls ip
    router ospf 100
     fast-reroute per-prefix enable area 0 prefix-priority high
     fast-reroute keep-all-paths
     network 10.0.0.0 0.255.255.255 area 0

Understanding MPLS-Remote-LFA Tunnel Functionality

Remote LFA computations are done on a per-primary next-hop basis. If a couple of prefixes share the same primary next-hop, then all of those prefixes share the same LFA tunnel and PQ node (release node).

As per the figure below, the remote lfa computation resulted in the selection of R3 as the PQ or release node. For R6's loopback 10.6.6.6, the primary path for traffic is via R1->R5->R6, as shown below.

    R1#show ip route 10.6.6.6
    Routing entry for 10.6.6.6/32
      Known via "ospf 100", distance 110, metric 21, type intra area
      Last update from 10.0.15.5 on Ethernet0/2, 00:08:56 ago
      Routing Descriptor Blocks:
      * 10.0.15.5, from 10.6.6.6, 00:08:56 ago, via Ethernet0/2     // Primary path
          Route metric is 21, traffic share count is 1
          Repair Path: 10.3.3.3, via MPLS-Remote-Lfa3     // Also a backup MPLS remote tunnel has been established

The backup tunnel shown above is set up automatically between R1 and the PQ/release node R3 that has been calculated by the algorithm.
This results in the establishment of a targeted LDP session between R1 and R3 for the exchange of labels.

    R1#show mpls ldp neighbor 10.3.3.3
        Peer LDP Ident: 10.3.3.3:0; Local LDP Ident 10.1.1.1:0
            TCP connection: 10.3.3.3.22164 - 10.1.1.1.646
            State: Oper; Msgs sent/rcvd: 28/29; Downstream
            Up time: 00:12:08
            LDP discovery sources:
              Targeted Hello 10.1.1.1 -> 10.3.3.3, active, passive
            Addresses bound to peer LDP Ident:
              10.0.34.3       10.3.3.3        10.0.23.3

The targeted LDP session built between R1 and R3 is used by the PQ/release node (R3) to share the MPLS label of protected prefixes (10.6.6.6 in this case) with R1. Below it is seen that R3 has an MPLS label of 18 to do label switching of traffic towards R6's loopback. This label 18 is shared by R3 with R1 via LDP and is stored as a backup label on R1.

    R1#show ip cef 10.6.6.6
    10.6.6.6/32
      nexthop 10.0.15.5 Ethernet0/2 label [23|18]     // 23 is primary label
        repair: attached-nexthop 10.3.3.3 MPLS-Remote-Lfa3     // 18 is backup label shared by R3

    R1#show mpls forwarding-table 10.3.3.3
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
    Label      Label      or Tunnel Id     Switched      interface
    21         21         10.3.3.3/32      0             Et0/0      10.0.12.2

    R3#show mpls forwarding-table 10.6.6.6
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
    Label      Label      or Tunnel Id     Switched      interface
    18         18         10.6.6.6/32      0             Et0/0      10.0.34.4

As long as the R1-R5 link is alive (primary path), traffic is forwarded via the MPLS LSP using label 23 (the label to reach 10.6.6.6 over the primary path). However, when the R1-R5 link goes down, traffic is switched via the repair path over MPLS-Remote-Lfa3. The IP packet at R1 during this failure is imposed with an extra label. The inner label is the one learnt via the targeted LDP session and the outer label is the one used to reach the PQ node (R3 in this case).

● Inner label - Label for 10.6.6.6 provided by R3 over LDP to R1.
● Outer label - Label that R1 has for R3's loopback.

    | Outer Label | Inner Label | Inner IP Packet |

So traffic would be label switched with outer label 21 to reach the PQ node R3.
Once traffic reaches R3, the outer label would be removed (or may be removed by R2 due to penultimate hop popping). R3 would find the inner label value of 18, check its MPLS forwarding table, and forward the packet accordingly.

Verify

Verifying Functionality

As discussed, the example prefix being protected is 10.6.6.6/32, i.e. loopback0 of R6. The primary path for R1 to reach R6's loopback is via R1->R5->R6, as shown in the outputs below. Along with the primary forwarding path, these outputs list a repair path that would be used if the primary link between R1 and R5 goes down.

    R1#show ip int brief | in up
    Ethernet0/0            10.0.12.1       YES NVRAM  up                    up
    Ethernet0/2            10.0.15.1       YES NVRAM  up                    up
    Loopback0              10.1.1.1        YES NVRAM  up                    up
    MPLS-Remote-Lfa3       10.0.12.1       YES unset  up                    up
    MPLS-Remote-Lfa4       10.0.15.1       YES unset  up                    up

    R1#show ip route 10.6.6.6
    Routing entry for 10.6.6.6/32
      Known via "ospf 100", distance 110, metric 21, type intra area
      Last update from 10.0.15.5 on Ethernet0/2, 01:45:54 ago
      Routing Descriptor Blocks:
      * 10.0.15.5, from 10.6.6.6, 01:45:54 ago, via Ethernet0/2
          Route metric is 21, traffic share count is 1
          Repair Path: 10.3.3.3, via MPLS-Remote-Lfa3

    R1#show ip ospf rib 10.6.6.6
                OSPF Router with ID (10.1.1.1) (Process ID 100)
                    Base Topology (MTID 0)
    OSPF local RIB
    Codes: * - Best, > - Installed in global RIB
    LSA: type/LSID/originator
    *>  10.6.6.6/32, Intra, cost 21, area 0
         SPF Instance 10, age 01:48:22
         Flags: RIB, HiPrio
          via 10.0.15.5, Ethernet0/2
           Flags: RIB
           LSA: 1/10.6.6.6/10.6.6.6
          repair path via 10.3.3.3, MPLS-Remote-Lfa3, cost 40     // MPLS LFA tunnel chosen as backup
           Flags: RIB, Repair, IntfDj, BcastDj, CostWon
           LSA: 1/10.6.6.6/10.6.6.6

So during the period of OSPF convergence after the primary link failure (R1-R5), traffic would be switched using MPLS repair tunnels. This tunnel can be seen originating from R1 and terminating at R3 (PQ node) 10.3.3.3.
It also mentions that it is providing protection against link 10.0.15.5, Ethernet0/2, which is the primary path for traffic to 10.6.6.6 from R1.

    R1#show ip ospf fast-reroute remote-lfa tunnels
                OSPF Router with ID (10.1.1.1) (Process ID 100)
                        Area with ID (0)
                        Base Topology (MTID 0)
    Interface MPLS-Remote-Lfa3     // Remote lfa tunnel
      Tunnel type: MPLS-LDP
      Tailend router ID: 10.3.3.3
      Termination IP address: 10.3.3.3
      Outgoing interface: Ethernet0/0
      First hop gateway: 10.0.12.2
      Tunnel metric: 20
      Protects:
        10.0.15.5 Ethernet0/2, total metric 40