In my previous post I gave an example configuration for ISIS SR-MPLS, next we need to look at some of the benefits of SR-MPLS such as TI-LFA (Topology Independent Loop Free Alternate) and FRR (Fast Re-Route). FRR provides the sub 50ms failover of the LSP by providing link and node protection utilising TI-LFA for computation. TI-LFA makes improvements on LFA by calculating protected paths to protect the full LSP (Label-switched Path) regardless of the topology.
If you’re interested in TI-LFA it is worth reviewing the High-level backup path computation to help make sense of some of the backup path decisions made and ensure you’re designing these into your network. This involves reading into P and Q spaces. I have mentioned this further down, but not in detail.
A great video I’ve watched on P and Q spaces: https://youtu.be/WEPiq4drHXw
Same as before here is an overview of the topology I have used. I am using EVE-NG with XRv images (IOS-XR).
At this point we already have ISIS SR-MPLS running and we can ping end to end with PING MPLS, we covered the initial configuration here.
Now we can configure our TI-LFA FRR on PE1, this is end to end protection for the SR LSP (From the perspective of PE1). Here we have enabled link and node protection via TI-LFA (The index is the priority of the rule, the lower the priority the more favourable). If there are non SR capable nodes in the LSP, TI-LFA will switch between LDP and SR.
This is now also where we should refer to the P and Q spaces used in traditional LFA. The same concepts are used here in TI-LFA to determine the protected path.
In ISIS we can set node protection at the isis process level, where as the per-prefix link protection is found under the interface.
RP/0/0/CPU0:PE1#sh run router isis 1
router isis 1
net 49.0001.1010.1010.1010.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
fast-reroute per-prefix tiebreaker node-protecting index 100
router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 10
!
!
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
!
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
!
!
!TI-LFA computes using the IGP metric. This means depending on the P and Q spaces we may see TI-LFA or Local-LFA. Put simply if we only have two obvious paths to a prefix without the potential of a loop we will see Local-LFA. If you’re seeing Local-LFA it does not mean that TI-LFA isn’t working, you are actually seeing SR Zero-Segment, no additional segments are required for the backup.
Below we’ll confirm a Zero-Segment backup. The path from PE1 to PE2 10.2.2.2 is equal default cost in the configuration.
RP/0/0/CPU0:PE1#show route 10.2.2.2
Routing entry for 10.2.2.2/32
Known via "isis 1", distance 115, metric 30, labeled SR, type level-1
Installed Feb 1 11:32:29.724 for 04:19:15
Routing Descriptor Blocks
172.20.0.1, from 10.2.2.2, via GigabitEthernet0/0/0/1, Protected
Route metric is 30
172.10.0.1, from 10.2.2.2, via GigabitEthernet0/0/0/2, Backup (Local-LFA)
Route metric is 40
No advertising protos.
We should now also confirm the fast-reroute for this prefix remembering this is a Zero-Segment.
RP/0/0/CPU0:PE1#sh isis ipv4 fast-reroute 10.2.2.2/32 detail
L1 10.2.2.2/32 [30/115] medium priority
via 172.20.0.1, GigabitEthernet0/0/0/1, P2, SRGB Base: 16000, Weight: 0
FRR backup via 172.10.0.1, GigabitEthernet0/0/0/2, P1, SRGB Base: 16000, Weight: 0, Metric: 40
P: No, TM: 40, LC: No, NP: No, D: No, SRLG: Yes
src PE2.00-00, 10.2.2.2, prefix-SID index 20, R:0 N:1 P:0 E:0 V:0 L:0
L2 adv [30] native, propagated, prefix-SID index 20, R:0 N:1 P:0 E:0 V:0 L:0Now we can look at a Single-Segment backup. The path from PE1 to P3 allows for the use of TI-LFA.
We can see below the Backup Path: TI-LFA, we can also see the P Node: P4 this P node denotes it’s within the P space and reachable from the PLR (Point of Local Repair). If we were to proceed and create a Double-Segment we would see a P and Q node here.
RP/0/0/CPU0:PE1#sh isis ipv4 fast-reroute 10.255.255.3/32 detail
L1 10.255.255.3/32 [20/115] medium priority
via 172.10.0.1, GigabitEthernet0/0/0/2, P1, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (node), via 172.20.0.1, GigabitEthernet0/0/0/1 P2, SRGB Base: 16000, Weight: 0
P node: P4.00 [10.255.255.4], Label: 16004
Prefix label: 16003
Backup-src: P3.00
P: No, TM: 30, LC: No, NP: Yes, D: No, SRLG: Yes
src P3.00-00, 10.255.255.3, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0
L2 adv [20] native, propagated, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0We can also confirm via the CEF table, this shows the repair labels, the protected link and also the backup (TI-LFA) link.
RP/0/0/CPU0:PE1#show cef 10.255.255.3/32 detail
10.255.255.3/32, version 359, labeled SR, internal 0x1000001 0x81 (ptr 0xa12d3a04) [1], 0x0 (0xa12b9734), 0xa28 (0xa17512e4)
Updated Feb 1 16:00:51.010
local adjacency 172.10.0.1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
Extensions: context-label:16003
gateway array (0xa106025c) reference count 3, flags 0x500068, source rib (7), 0 backups
[2 type 5 flags 0x8401 (0xa14a7884) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xa12b9734, sh-ldi=0xa14a7884]
gateway array update type-time 1 Feb 1 15:59:02.448
LDI Update time Feb 1 15:59:02.448
LW-LDI-TS Feb 1 15:59:02.448
via 172.20.0.1/32, GigabitEthernet0/0/0/1, 9 dependencies, weight 0, class 0, backup (TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xa166e280 0x0]
next hop 172.20.0.1/32, Repair Node(s): 10.255.255.4
local adjacency
local label 16003 labels imposed {16004 16003}
via 172.10.0.1/32, GigabitEthernet0/0/0/2, 9 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xa176b42c 0x0]
next hop 172.10.0.1/32
local label 16003 labels imposed {16003}
Load distribution: 0 (refcount 2)
Hash OK Interface Address
0 Y GigabitEthernet0/0/0/2 172.10.0.1
RP/0/0/CPU0:PE1# Finally we can test our redundancy!
I will be testing from PE1 to P3 prefix 10.255.255.3/32 using a continuous PING MPLS. I will shutdown Gi0/0/0/2 on P1 and expect that GI0/0/0/1 becomes the primary on PE1 in sub-50-ms.
RP/0/0/CPU0:PE1#ping mpls ipv4 10.255.255.3/32 repeat 500
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Now we can see only one route is available and no FRR backup. Its important to remember at this point, this redundancy is on a per-prefix level and gives 100% coverage of the network and LSPs from the perspective of PE1.
RP/0/0/CPU0:PE1#sh isis ipv4 fast-reroute 10.255.255.3/32 detail
L1 10.255.255.3/32 [30/115] medium priority
via 172.20.0.1, GigabitEthernet0/0/0/1, P2, SRGB Base: 16000, Weight: 0
No FRR backup
src P3.00-00, 10.255.255.3, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0
L2 adv [30] native, propagated, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0Finally once we un-shut the link from P1 we see a primary and backup path appear again within PE1 for prefix 10.255.255.3/32.
RP/0/0/CPU0:PE1#sh isis ipv4 fast-reroute 10.255.255.3/32 detail
L1 10.255.255.3/32 [20/115] medium priority
via 172.10.0.1, GigabitEthernet0/0/0/2, P1, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (node), via 172.20.0.1, GigabitEthernet0/0/0/1 P2, SRGB Base: 16000, Weight: 0
P node: P4.00 [10.255.255.4], Label: 16004
Prefix label: 16003
Backup-src: P3.00
P: No, TM: 30, LC: No, NP: Yes, D: No, SRLG: Yes
src P3.00-00, 10.255.255.3, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0
L2 adv [20] native, propagated, prefix-SID index 3, R:0 N:1 P:0 E:0 V:0 L:0In summary, any SR installation should be making use of TI-LFA FRR, it’s easy to implement with clear benefits. It can also work over non-SR capable nodes via LDP if you’re dealing with yet another acquisition of a network or a migration. From this position we’re now ready to start configuring Traffic Engineer and our L2 / L3VPNs.
Internet Plumbing 