OSPF SR-MPLS TI-LFA FRR

In my previous post I gave an example configuration for OSPF SR-MPLS. Next we need to look at some of the benefits of SR-MPLS, such as TI-LFA (Topology Independent Loop-Free Alternate) and FRR (Fast Re-Route). FRR provides sub-50 ms failover of the LSP (Label-Switched Path) by providing link and node protection, using TI-LFA for the computation. TI-LFA improves on LFA by calculating backup paths that protect the full LSP regardless of the topology.

If you’re interested in TI-LFA, it is worth reviewing the high-level backup path computation to help make sense of some of the backup path decisions made and to ensure you’re designing these into your network. This involves reading into P and Q spaces. I have mentioned these further down, but not in detail.

A great video I’ve watched on P and Q spaces: https://youtu.be/WEPiq4drHXw

Same as before, here is an overview of the topology I have used. I am using EVE-NG with XRv images (IOS-XR). Note: I have changed OSPF from broadcast to point-to-point, for no particular reason other than best practice.

At this point we already have OSPF SR-MPLS running and we can ping end to end with PING MPLS; we covered the initial configuration here.

Now we can configure TI-LFA FRR on PE1. This is end-to-end protection for the SR LSP from the perspective of PE1. Here we have enabled link and node protection via TI-LFA (the index is the priority of the rule; the lower the index, the more favourable). If there are non-SR-capable nodes in the LSP, TI-LFA will switch between LDP and SR.

This is now also where we should refer to the P and Q spaces used in traditional LFA. The same concepts are used here in TI-LFA to determine the protected path.

We can also be more granular by moving the fast-reroute configuration under specific interfaces.

router ospf 1
 log adjacency changes
 segment-routing mpls
 fast-reroute per-prefix
 fast-reroute per-prefix ti-lfa enable
 fast-reroute per-prefix tiebreaker node-protecting index 100
 address-family ipv4 unicast
 area 0
  segment-routing forwarding mpls
  interface Loopback0
   passive enable
   prefix-sid index 10

TI-LFA computes using the IGP metric. This means that, depending on the P and Q spaces, we may see TI-LFA or Local-LFA. Put simply, if we only have two obvious paths to a prefix without the potential of a loop, we will see Local-LFA. If you’re seeing Local-LFA it does not mean that TI-LFA isn’t working: you are actually seeing an SR Zero-Segment backup, where no additional segments are required for the backup path. ECMP is an example of this.

Below we’ll confirm a Zero-Segment backup. The path from PE1 to PE2 10.2.2.2 is equal cost, hence the same route metric and the Protected, Backup (Local-LFA) flags on both entries.

RP/0/0/CPU0:PE1#show ip route 10.2.2.2    

Routing entry for 10.2.2.2/32
  Known via "ospf 1", distance 110, metric 4, labeled SR, type intra area
  Installed Jan 30 18:48:06.828 for 00:10:37
  Routing Descriptor Blocks
    172.20.0.1, from 10.2.2.2, via GigabitEthernet0/0/0/1, Protected, Backup (Local-LFA)
      Route metric is 4
    172.10.0.1, from 10.2.2.2, via GigabitEthernet0/0/0/2, Protected, Backup (Local-LFA)
      Route metric is 4
  No advertising protos. 

Now we can look at a Single-Segment backup. The path from PE1 to P4 is not equal cost and allows for the use of TI-LFA.

Using the show ospf 1 routes 10.255.255.4/32 backup-path command from PE1 we can see the primary and backup paths for the 10.255.255.4/32 prefix. We have multiple paths to the destination with different costs, which results in a single-segment implementation of TI-LFA. In the output we can see the backup path, the repair list, the (P) node, which is the node within the P space that is reachable from the PLR (Point of Local Repair), and the Prefix-SID label 16003 of that P node. Note: if we were to proceed with Double-Segment we would see a P and a Q node.

RP/0/0/CPU0:PE1#show ospf 1 routes 10.255.255.4/32 backup-path 

Topology Table for ospf 1 with ID 10.1.1.1

Codes: O - Intra area, O IA - Inter area
       O E1 - External type 1, O E2 - External type 2
       O N1 - NSSA external type 1, O N2 - NSSA external type 2

O    10.255.255.4/32, metric 3  
       172.20.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/1, path-id 1
           Backup path: TI-LFA, Repair-List: P node: 10.255.255.3    Label: 16003
              172.10.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/2, protected bitmap 0000000000000001
              Attributes: Metric: 4, Node Protect, SRLG Disjoint
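
To make the P and Q space reasoning concrete, here is an added example (not from the original post, and not how IOS-XR implements it) that computes both spaces from IGP metrics and derives the repair list for the zero-, single- and double-segment cases. The ring topologies, node names and the repair_list helper are constructed assumptions, and taking the first PQ node on the post-convergence path is a simplification.

```python
import heapq
def build(links):  # symmetric adjacency map {node: {neighbour: metric}}
    g = {}
    for a, b, w in links:
        g.setdefault(a, {})[b] = g.setdefault(b, {})[a] = w
    return g

def spf(g, src):
    """Dijkstra: IGP cost from src to every reachable node."""
    dist, todo = {src: 0}, [(0, src)]
    while todo:
        d, u = heapq.heappop(todo)
        if d > dist[u]:
            continue
        for v, w in g[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(todo, (d + w, v))
    return dist

def repair_list(links, s, e, d):
    """Segments the PLR s pushes to protect link s-e for destination d."""
    full = build(links)
    pruned = build([l for l in links if {l[0], l[1]} != {s, e}])
    w, dist = full[s][e], {n: spf(full, n) for n in full}
    # P-space: no shortest path from s to n crosses the protected link.
    p = {n for n in full if dist[s][n] < w + dist[e][n]}
    # Q-space: no shortest path from n to d crosses it, in either direction.
    q = {n for n in full if dist[n][d] < min(dist[n][s] + w + dist[e][d],
                                             dist[n][e] + w + dist[s][d])}
    # Post-convergence path: SPF with s-e removed (assumed still connected).
    back, path = spf(pruned, d), [s]
    while path[-1] != d:
        path.append(next(v for v, c in sorted(pruned[path[-1]].items())
                         if c + back[v] == back[path[-1]]))
    if path[1] in q:
        return []                     # zero-segment: shown as Local-LFA
    pq = [n for n in path[1:] if n in p and n in q]
    if pq:
        return [("node", pq[0])]      # single-segment: Prefix-SID of PQ node
    i = max(k for k, n in enumerate(path) if n in p)   # last P node
    j = min(k for k in range(i + 1, len(path)) if path[k] in q)  # first Q
    hops = [("adj", path[k], path[k + 1]) for k in range(i, j)]
    return ([("node", path[i])] if i else []) + hops

# Constructed rings, not the lab topology from the post.
RING5 = [("S", "E", 1), ("E", "D", 1), ("S", "R1", 1), ("R1", "R2", 1), ("R2", "D", 1)]
RING6 = RING5[:4] + [("R2", "R3", 1), ("R3", "D", 1)]
SKEWED = RING5[:4] + [("R2", "R3", 10), ("R3", "D", 1)]
```

Calling repair_list(RING6, "S", "E", "D") yields a single node segment, the same shape as the P node and label 16003 entry in the capture above; SKEWED raises one metric so that P and Q no longer overlap and an adjacency segment is needed as well.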

We can also confirm via the CEF table, which shows the repair nodes, the protected link and the backup (TI-LFA) link.

RP/0/0/CPU0:PE1#show cef 10.255.255.4/32 detail   
10.255.255.4/32, version 632, labeled SR, internal 0x1000001 0x81 (ptr 0xa12d35c4) [1], 0x0 (0xa12b9614), 0xa28 (0xa176b050)
 Updated Jan 30 18:48:06.848 
 local adjacency 172.20.0.1
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
 Extensions: context-label:16004
  gateway array (0xa105f704) reference count 3, flags 0x500068, source rib (7), 0 backups
                [2 type 5 flags 0x8401 (0xa14a7398) ext 0x0 (0x0)]
  LW-LDI[type=5, refc=3, ptr=0xa12b9614, sh-ldi=0xa14a7398]
  gateway array update type-time 1 Jan 30 18:48:06.848
 LDI Update time Jan 30 18:48:06.848
 LW-LDI-TS Jan 30 18:48:06.848
   via 172.20.0.1/32, GigabitEthernet0/0/0/1, 10 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 0 bkup-idx 1 NHID 0x0 [0xa17856e8 0x0]
    next hop 172.20.0.1/32
     local label 16004      labels imposed {16004}
   via 172.10.0.1/32, GigabitEthernet0/0/0/2, 10 dependencies, weight 0, class 0, backup (TI-LFA) [flags 0xb00]
    path-idx 1 NHID 0x0 [0xa166e44c 0x0]
    next hop 172.10.0.1/32, Repair Node(s): 10.255.255.3
    local adjacency
     local label 16004      labels imposed {16003 16004}


    Load distribution: 0 (refcount 2)

    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/1    172.20.0.1  

Finally we can test our redundancy!

I will be testing from PE1 to P4 prefix 10.255.255.4/32 using a continuous PING MPLS. I will shut down Gi0/0/0/1 on P2 and expect Gi0/0/0/2 to become the primary on PE1 in under 50 ms.

RP/0/0/CPU0:PE1#ping mpls ipv4 10.255.255.4/32 repeat 500
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Now we can see only one route is available and no backup path. It’s important to remember at this point that this redundancy is on a per-prefix level and gives 100% coverage of the network and LSPs from the perspective of PE1.

RP/0/0/CPU0:PE1#show ospf 1 routes 10.255.255.4/32 backup-path 

Topology Table for ospf 1 with ID 10.1.1.1

Codes: O - Intra area, O IA - Inter area
       O E1 - External type 1, O E2 - External type 2
       O N1 - NSSA external type 1, O N2 - NSSA external type 2

O    10.255.255.4/32, metric 4  
       172.10.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/2, path-id 1

Finally, once we un-shut the link from P2, we see a primary and backup path appear again on PE1 for prefix 10.255.255.4/32.

RP/0/0/CPU0:PE1#show ospf 1 routes 10.255.255.4/32 backup-path 

Topology Table for ospf 1 with ID 10.1.1.1

Codes: O - Intra area, O IA - Inter area
       O E1 - External type 1, O E2 - External type 2
       O N1 - NSSA external type 1, O N2 - NSSA external type 2

O    10.255.255.4/32, metric 3  
       172.20.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/1, path-id 1
           Backup path: TI-LFA, Repair-List: P node: 10.255.255.3    Label: 16003
              172.10.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/2, protected bitmap 0000000000000001
              Attributes: Metric: 4, Node Protect, SRLG Disjoint
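
Because protection is per prefix, it is worth checking it per prefix. The following is an added example (not part of the original post) that parses show ospf routes backup-path output and lists prefixes with no backup path or without a required attribute, run over lines copied from the captures above. It only understands the TI-LFA output format shown in this post, and the function names are hypothetical.

```python
import re

# Lines copied from the captures in this post (healthy, then link down).
HEALTHY = """\
O    10.255.255.4/32, metric 3
       172.20.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/1, path-id 1
           Backup path: TI-LFA, Repair-List: P node: 10.255.255.3    Label: 16003
              172.10.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/2, protected bitmap 0000000000000001
              Attributes: Metric: 4, Node Protect, SRLG Disjoint
"""
LINK_DOWN = """\
O    10.255.255.4/32, metric 4
       172.10.0.1, from 10.255.255.4, via GigabitEthernet0/0/0/2, path-id 1
"""

ROUTE = re.compile(r"O(?: IA| E[12]| N[12])?\s+(\d+(?:\.\d+){3}/\d+), metric (\d+)")
BACKUP = re.compile(r"Backup path: (\S+), Repair-List: (.*)")
REPAIR = re.compile(r"([PQ]) node: (\S+)\s+Label: (\d+)")
ATTRS = re.compile(r"Attributes: Metric: \d+, (.*)")

def parse(output):
    """Map each prefix to its backup type, repair list and attributes."""
    routes, cur = {}, None
    for line in map(str.strip, output.splitlines()):
        if m := ROUTE.match(line):
            cur = routes[m[1]] = {"metric": int(m[2]), "backup": None,
                                  "repair": [], "attrs": []}
        elif cur is not None and (m := BACKUP.search(line)):
            cur["backup"] = m[1]
            cur["repair"] = [(k, n, int(l)) for k, n, l in REPAIR.findall(m[2])]
        elif cur is not None and (m := ATTRS.search(line)):
            cur["attrs"] = [a.strip() for a in m[1].split(",")]
    return routes

def gaps(routes, required=("Node Protect",)):
    """Prefixes with no backup path, or a backup lacking a required attribute."""
    return sorted(p for p, r in routes.items()
                  if r["backup"] is None
                  or any(a not in r["attrs"] for a in required))
```

Fed the full output of the command without a prefix filter, gaps() gives the list of prefixes to investigate after a topology or metric change.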

In summary, any SR installation should be making use of TI-LFA FRR: it’s easy to implement and has clear benefits. It can also work over non-SR-capable nodes via LDP if you’re dealing with yet another acquisition of a network or a migration. From this position we’re now ready to start configuring Traffic Engineering and our L2 / L3VPNs.