Upload
vuhuong
View
215
Download
1
Embed Size (px)
Citation preview
IP LFA (Loop-Free-Alternate): Architecture and Troubleshooting
Luc De Ghein – Technical Leader Services
BRKRST-3020
• Introduction
• LFA Overview
• LFA Architecture
• Configuration, implementation and troubleshooting (OSPF, ISIS, EIGRP) on IOS and IOS-XR
• TI-LFA
• MATE
• Conclusion
Agenda
Introduction
Evolution Failure Handling
Routing protocol
computes new best path
– control and data plane* IPv4 is used throughout the presentation –
same principles apply to IPv6
Best effort delivery
Voice/video demanded fast convergence
Fast Rerouting
Service failures caused
by routing transitions are
largely hidden by higher-
level protocols that
retransmit the lost data
Tuned routing
protocol for faster
convergence
Pre-computed
backup/repair path
needed, in data plane
LFA Overview
Goals
Fast RestorationLike MPLS Traffic
Engineering FRR
Without the MPLS
(TE) Overhead =
scalability
~50 ms
Protect link/node
failure
no BW
protection
Simple to
deploy/operate
Incremental
deployment – no
signaling
and local only
Pure IP
MPLS is not a
pre-requisite
LFA and MPLS TE ComparisonIP FRR LFA MPLS TE FRR
Repair Path Least cost Constraints based with bandwidth
guarantee and path control
Link & node protection Yes Yes
Path protection No Yes
Control Plane Requirements None RSVP-TE
Load distribution over multiple
repair paths
Yes No
Provisioning Minimal configuration Significant
IPv6 support Yes No
Shared Risk Link Group (SRLG) Yes (local only) Yes
Network Topology Coverage Effective with mesh
0 % < coverage < 100 %
No dependency. 100 % Coverage.
Always works.
must use MPLS TE
solutions will be
covered
LFA Architecture
Before We Start …
Requirement Building Block
Speed Pre-compute repair path
Speed of restoration Put repair path in data plane (CEF)
Fast Detection Fast Link down detection – best to use BFD*
Cleanup Normal convergence occurs after the event
(*) BFD sessions are only built between the DR and other OSPF routers on a broadcast segment
Reducing Loss Of Connectivity (LoC)Control Plane Fast Convergence
t0 Failure Detection
t1 Failure Propagation (Flooding, Updates, etc)
t2 Topology/Routing Recalculation
t3 Update Routing and Forwarding Table (RIB/FIB)
Data Plane Convergence (FRR)
t0 Failure Detection
tR Switchover to (pre-computed) backup path
t1 Failure Propagation (Flooding, Updates, etc)
t2 Topology/Routing Recalculation
t3 Update Routing and Forwarding Table (RIB/FIB)
failure
LoC
t0
failure
t1 t2 t3 t4
LoC
t0 t1 t2 t3 t4tR
prefix-independent update
Principal Idea Behind LFA
B
A C
primary path
• A does all the computation
• No other router is involved
• Repair path (LFA):
• New link/next-hop router avoind the failed link
• Traffic does not return from B to A
All is done locally on router A
Principal Mechanism of LFANormal Shortest Path Calculation (SPF)
10 10
10 10
30 10
10 10
30
B C
D E F
G H
20
10
A
topology
SPF
SPT
10 10
10 10
30 10
10
B C
D E F
G H
10
G
A
root router
calculating router
&
Principal Mechanism of LFAThe trick = calculating router runs SPF with other router as root
SPF
10 10
10 10
30 10
10 10
30
B C
D E F
G H
20
10
A
topology SPT
10 10
10 10
10
A
B D G
H
10
G
Croot router
calculating router
E
F
30 10
reverse SPF = rSPF
All of the LFA is made possible by the calculating router running an SPF with its neighbor(s) as root
An SPF with any router in the area as root is not needed
Definitions
E
N
DS
primary path
All calculation
occurs here
Source router
Where the prefixes
are connected
Destination router
Alternate next hop
under investigation
Neighbor router
Primary next hop
router
Neighbor routerD(A,B)
The distance (lowest cost) from A to B
primary next hop
alternate next hop
General Theory - Rules
Inequality 1: D(N,D) < D(N,S) + D(S,D)
“Path is loop-free because N’s best path is not through local router.”
Traffic sent to backup next hop is not sent back to S.
Loop Free Alternate
Inequality 2: D(N,D) < D(S,D)
“Neighbor router is closer to the destination than local router.”
Loop-free is guaranteed even with multiple failures (if all repair-paths are
downstream path).
Downstream Path
Inequality 3: D(N,D) < D(N,E) + D(E,D)
“N's path to D must not go through E.”
“The distance from the node N to the prefix via the primary next-hop is
strictly greater than the optimum distance from the node N to the prefix.“
Node protection N
S
E
D
Alternate next hop
under investigation
Primary next hop
router
c
o
v
e
r
a
g
e
General Theory - Rules
Inequality 4: D(N,D) < D(N,PN) + D(PN,D)
“the link from S to N should not be the same as the protected link”
“the link from N to D should not be the same as the protected link”
Loop Free Link Protecting for Broadcast Link
N
S
E
DPN0
0
0
PN = PseudoNode
representing the
BroadCast link with cost 0
General Theory - Examples
10 E
12
5
11
S
N
D
Inequality 3: 11 < 16 + 5 ?
Inequality 2: 11 < 15 ?
Inequality 1: 11 < 12 + 15 ?
Inequality 3: 20 < 22 + 5 ?
Inequality 2: 20 < 15 ?
Inequality 1: 20 < 12 + 15 ?
Inequality 3: 25 < 20 + 5 ?
Inequality 2: 25 < 15 ?
Inequality 1: 25 < 12 + 15 ?
Inequality 1 D(N,D) < D(N,S) + D(S,D) Loop Free
Alternate
Inequality 2 D(N,D) < D(S,D) Downstream
path
Inequality 3 D(N,D) < D(N,E) + D(E,D) Node
protection
10 E
12
5
20
S
N
D
10 E
12
5
20S
N
D
General Theory - Examples
Inequality 3: 25 < 20 + 5 ?
Inequality 2: 25 < 27 ?
Inequality 1: 25 < 20 + 27 ?
Inequality 3: 27 < 22 + 5 ?
Inequality 2: 27 < 15 ?
Inequality 1: 27 < 12 + 15 ?
Inequality 1 D(N,D) < D(N,S) + D(S,D) Loop Free
Alternate
Inequality 2 D(N,D) < D(S,D) Downstream
path
Inequality 3 D(N,D) < D(N,E) + D(E,D) Node
protection
10 E
12
5
27
S
N
D
22 E
20
5
20S
N
D
General TheoryExample 4th Inequality
Inequality 1 D(N,D) < D(N,S) + D(S,D) Loop Free
Alternate
Inequality 2 D(N,D) < D(S,D) Downstream
path
Inequality 3 D(N,D) < D(N,E) + D(E,D) Node
protection
N
S
E
DPN
10
0
0
0
10
1011
25
8
Inequality 4 D(N,D) < D(N,PN) + D(PN,D) Loop Free
Alternate BC
Inequality 4: 21 < 10 + 11 ? Loop-free for Broadcast link
21
D(N,D) = 21 and path goes through the PN
“the link from S to N should not be the same as the protected link”
“the link from N to D should not be the same as the protected link”
Per-Link versus Per-Prefix LFA
5
10 N1
10
10
S
N2
E
Per-Link
D1
D2
5
10
10
10
• Backup path carries traffic for all destinations through primary next hop
• There is no difference in path for prefixes to D1 or D2
• Can lead to overloaded links S-N2 and N2-E
• Node protection is possible, but not guaranteed (topology dependent)
• Node protection if path is S-N1-D1, but then suboptimal path for prefixes to D2
D1 + D2
Per-Prefix
5
10 N1
10
10
S
N2
E
D1
D2
5
10
10
10
Two different backup path can carry traffic for different prefixes through primary next hop, and hence produce better load sharing
D2
D1
YY
Per-Link versus Per-Prefix LFA: Coverage
10
10 N
10
15
S
E
D
Per-Link Per-Link
X + Y
E is primary next-hop for prefixes X and Y
Inequality 1 : prefix X : 15 < 10 + 20
Inequality 1 : prefix Y : 20 < 10 + 10
→ No protection for prefix X and Y !
X
Inequality 1 D(N,D) < D(N,S) + D(S,D) Loop Free
Alternate
Conclusion? All or nothing (prefixes) with Per-Link LFA
10
15 N
10
15
S
E
D
X + Y
X
E is primary next-hop for prefixes X and Y
Inequality 1 : prefix X : 15 < 15 + 20
Inequality 1 : prefix Y : 20 < 15 + 10
→ Protection for prefix X and Y !
20 20
Prefixes reachable through the same primary next-hop, share the same backup
Per-Link LFA Limitation
20
16 N1
5
70
S
N2
E
D1
D2
5
40
30
30
Traffic to D2 is forwarded to E on N2
Traffic to D1 is U-turned on N2, back to S
Prefix from D1, NH = S, cost = 51 Prefix from D2, NH = E, cost = 50
20
16 N1
15
70
S
N2
E
D1
D2
5
40
30
30
Prefix from D1, NH = D1, cost = 30Prefix from D2, NH = S, cost = 81
Traffic to D1 is forwarded to D1
Traffic to D2 is U-turned on N1, back to S
Conclusion? Per-Link LFA does not always work
Assume N2 is backup for D1 and D2 prefixes Assume N1 is backup for D1 and D2 prefixes
Per-Link versus Per-Prefix
Per-Link LFA or per-prefix LFA is chosen per interface!
• Simple computation, single rSPF per
protected neighbor
• All or nothing; does not always work
• Low coverage
Per-link
• More complex calculations than per-link LFA, computation is for each neighbor of S and per-prefix
• High coverage
Per-prefix
Calculation & Memory
• Calculation is done in background
• Primary SPF always has priority
SPF
t0 t1 t2 t3tR
IPFRR SPF SPF
IPFRR SPF
IPFRR SPF
t5t4
IPFRR interupted and continued later
t6
• Memory increase: exta information stored• Distance table, backup path in RIB / LRIB / FIB
• But only for the IGP prefixes !
Building Blocks
1. Router S calculates alternate next hop for prefixes/link
2. Alternate next hop is installed in RIB and IGP local RIB (LRIB)
3. Alternate Next hop is installed in FIB (CEF)
Pre-failure
Failure Time
1. Link-down detection
2. Trigger IP-FRR LFA: switchover all prefixes in FIB in one go
Post-failure
1. Normal convergence (SPF)
show ip route 10.1.1.0/24
10.1.1.2 via GE 0/0/1, protected
10.1.2.1 via GE 0/0/2, backup
show ip ospf rib 10.1.1.0/24
10.1.1.2 via GE 0/0/1, protected
10.1.2.1 via GE 0/0/2, repair-path
RIB
LRIB
CEFshow ip cef 10.1.1.0/24
10.1.1.2 via GE 0/0/1, protected
10.1.2.1 via GE 0/0/2, repair-path
10 E
12
5
11
S
N
D
show ip cef 10.1.1.0/24
10.1.2.1 via GE 0/0/2
show ip cef 10.1.1.0/24
10.1.2.1 via GE 0/0/2
CEF
CEF
stored in control plane
stored in data plane
• Does LFA work with Labelled traffic?
• Yes!
• Least cost routing with LDP
• LDP requirement: Downstream Unsolicited; Liberal Retention
• No issue (except for ATM interfaces)
• Different label for different prefix
• LFIB must store backup path
• Services are L3VPN, VPLS, 6PE/6VPE
LFA and MPLS
MPLS Primary path
LFA
Using MPLS to Increase LFA Coverage
The problem
• Remote LFA: tunnel the packets to a router which can deliver the packets without going across the failed link - guaranteed
The solution
• Directly Connected LFA* does not cover all• No neighbor is found which is an LFA
• Typically
• A network with range of link metrics
• A sparsely meshed network
• A ring topology
S
R4
R2
R3
D
R5
1
1 1
1
11
Drop-off router
*Everything seen so far
Finding the Drop-off Router
S E
P space of Router S Q space of Router E
P-space of S and the link SE =
set of routers that S can reach
without passing through the
link SE (including ECMP)
Q-space of the E and the link
SE = set of routers that can
reach the router E without
passing through the link SE
PQ
PQ
PQ
P QPQ
Common router P & Q
S picks one PQ router (closest)
S builds tunnel to PQ router (if not already present)
Extended P-Space
• What if no PQ router is found?
EP QExtended P space of Router S
Extended P-space of S and the link
SE = set of routers that all neighbors
of S can reach without passing
through the link SE (including ECMP) PQ
PQ
S
N
… more coverage
… extended P-Space turned on if remote LFA is turned on
Remote LFACalculating P-Space
A
B
D
C
E
SPF
topology
A
B
D
C
E
SPT
A
B
D
SPT after pruning protected link branch
pruning
Compute SPT in protecting router Prune branch through the protected
link (including ECMP)
P
Remote LFACalculating Q-Space
A
B
D
C
E
rSPF
topology
A
B
D
C
E
rSPT rooted at C
pruning
SPT after pruning protected link branch
D
C
E
Compute rSPF rooted on link far
end router
Prune branch through the protected
link (including ECMP)
Q
Remote LFACalculating the Set of PQ Candidates
P Q∩
D E
B
D∩
A
B
D
C
E
topology
PQ candidate
Extended P-Space calculation is not
expensive; the router already runs SPF in
behalf of every neighbor with Directly
Connected LFA
Remote LFAPacket Forwarding
A
B
D
C
E
PQ router
X
1Find PQ
router
2Targeted LDP
Session
3Label Binding
Exchange
LDP Label Binding
Prefix X
Label 99
IP 17
IP30
IP
Topologies
A
C
B
D
square
pentagon … to ring
triangle B
C
A
If link cost range is small …
… very high LFA coverage
If equal link cost:
No LFA
No Remote LFA
Remote LFA with Extended P-Space
A
B
D
C
E
A
B
C
D
E
N No LFA
Remote LFA
Microloops• Link failure S-D
• T0 link failure detected
• tR IP-FRR kicks in on S
• t1 Failure Propagation (Flooding, Updates, etc)
• t2 Topology/Routing Recalculation (SPF runs on S)
• t3-t4 Update Routing and Forwarding Table (RIB/FIB)
• t4 end of updating on S
• t5 end of updating on N
• [t3-t4]-[t4-t5] N still has route for D, pointing to S: loop
• t5 loop resolved: N finished updating its tables: then route for D points to R1
LoC
t0 t1 t2 t3 t4tRfailure t5
loop
N R1 R2
S D
rLFA tunnel
The solution is to delay updating the
forwarding table
Until all routers converged. In the meantime, traffic remains on rLFA protected path
Configuration, implementation and troubleshooting (OSPF, ISIS,
EIGRP) in IOS and IOS-XR
• There can be multiple possible backup path
• Only one is chosen to protect the primary path
• Which one to choose?
Tie-Breaking
attribute order configurable
• A characteristic of a path• Each path can have any
combination of attributes
• Elimination rules• Importance/preference of
attributes
• Any combination of attributes can be configured
• Order can be changed• There is a default set• Configure any attribute
removes all the default oneSRLG, node protecting,
downstream, primary/secondary, …If one rule eliminates all paths: skip
the rule
Tie-Breaking Attributes
SRLG Prefer other Share Link Group
Primary Path Prefer Primary over Secondary path
Interface Disjoin Prefer other interface then protected interface
Node protecting Prefer node over link protecting
Broadcast Interface Disjoin Prefer Path not using the broadcast segment
Load Sharing Distribute candidates among prefixes sharing the protected path
Downstream Prefer the router closer to D than S
Secondary Prefer scondary over primary
Tie-Breaking Example (OSPF)R1#show ip ospf rib 10.100.1.13
via 10.1.5.7, Ethernet0/0
repair path via 10.1.3.4, Serial4/0, cost 31
Flags: RIB, Repair, , BcastDj, , LC Dj, NodeProt, Downstr, LoadShare
repair path via 10.1.6.8, Serial6/0, cost 36
Flags: , Repair, IntfDj, BcastDj, LC Dj
repair path via 10.1.4.5, Serial5/0, cost 31
Flags: , Repair, , BcastDj, , LC Dj, NodeProt, Downstr, LoadShare
repair path via 10.1.5.6, Ethernet0/0, cost 31
Flags: , Repair, , NodeProt, Downstr
repair path via 10.1.2.3, Serial3/0, cost 131
Flags: , Repair, IntfDj, BcastDj, LC Dj, NodeProt
PrimPath
PrimPath
PrimPath
Ignore
Ignore
Ignore
Ignore
IntfDj
IntfDj
primary path Default Tie Breaking, IOS, OSPF
1
2
3
4
5
10 srlg
20 primary-path
30 interface-disjoint
40 lowest-metric
50 linecard-disjoint
60 node-protecting
70 broadcast-interface-disjoint
256 load-sharing
no path has SRLG, so this policy step is skipped
path 2 & 5 do not have “PrimPath” (not one of the
ECMP paths)
path 4 does not have “IntfDj” attribute
paths 1 & 3 have the same cost
paths 1 & 3 have the same set of attributes
it comes down to “loadshare” : one of the 2
paths is chosen
repair path
• LDP must be enabled everywhere
• Enable Targeted LDP everywhere
• No other tunneling mechanisms other than MPLS are supported
• PQ node is link protecting only, not node protecting
• PQ node calculations are only executed if there are unprotected paths for protectable prefixes
• A targeted LDP session to PQ node will only be built if none exists yet
• No Remote LFA for per-link
Remote LFA
e.g. mpls ldp discovery targeted-hello accept [from <acl>]
Implementation Notes
IOS-XR IOS
OSPF
ISIS
Per-Link LFA
Per-Prefix LFA
IPv6
Remote LFA
EIGRP
Inter-area/AS LFA - OSPF
B
C
A
D
E
F
G
H
I
• Router is in one area: intra-area prefixes and all others types are protected
• On the ABR: No prefixes protected from area’s where LFA is not enabled
• Backup path for the prefix will always be calculated in the same area where primary path exists (so not necessarily the shortest path, intra-area is preferred over inter-area and so on)
• Backup path will be of same route type (intra-area, inter-area, external, external-NSSA) and using same metric type (external, NSSA) as primary path
• To protect externals you MUST have enabled the command without the area keyword
• Even if the router is only inside one area! (for example the complete router is area 3 only)
area 1 area 2area 0
• The generated default route (ATT-bit) in L1 is protected in IOS-XR
• For IOS: Enhancement
• Backup path for the prefix will always be calculated in the same level where primary path exists
• Backup path will be of same route type as primary path
• L1 protected by L1
• L2 protected by L2
• L1 will not be protected by L2 prefix
• Externals are protected in L1 or L2
• Inter-area routes (leaked routes L2 into L1) can be protected
Inter-level/AS LFA - ISIS
B
C
A
D
E
F
G
H
I
Level 1 Level 1
Level 2
• Enable fast-reroute per-prefix per area or globally
Configuration - OSPF
• Enable fast-reroute prefix-priority
• Change priority of prefixes (route-map | RPL)
• Change/add/delete tie-breakers; change preference
mandatory
optional
• Exclude an interface for protection
• Exclude an interface for repair path
• Enable Remote LFA
Default: /32 is high in IOS
/32 is medium in IOS-XR
*IOS-XR also has per-link LFA
• Configure a max cost for Remote LFA tunnel
• Enable fast-reroute per-prefix per level or globally
Configuration - ISIS
mandatory
optional
• Enable fast-reroute prefix-priority
• Change priority of prefixes (route-map | RPL)
• Change/add/delete tie-breakers; change preference
• Exclude an interface for protection
• Exclude an interface for repair path
• Enable Remote LFA
Default: /32 is high in IOS
/32 is medium in IOS-XR
• Configure a max cost for Remote LFA tunnel
*IOS-XR also has per-link LFA
Configuration
OSPF – IOS - Configuration• Configuration for ISIS and IOS-XR implementations: see Appendix
[no] fast-reroute per-prefix enable [area <area-id>] prefix-priority {high | low}
• External routes do not belong to any area
• To protect externals you MUST have enabled the command without the area keyword
• High priority get programmed before low priority in RIB
• Default high priority: /32 prefixes
• Enabling ‘low’ priority means that both high and low priority prefixes are eligible for protection
OSPF router config mode
[no] prefix-priority high route-map <route-map>
• Routes permitted by the route-map are assigned high priority, the
rest is low priority
Route-map match statements:match tag
match route-type
match ip address
Other ‘match’ and all ‘set’ statements are ignored
OSPF – IOS - Configuration
[no] fast-reroute per-prefix tie-break <attribute> [required] index <priority>
OSPF router config mode
• Keyword ‘required’ is supported for all
attributes except ‘lowest-metric’
• If required attribute is missing, skip the
path
[no] fast-reroute keep-all-paths
• Keeps all candidate repair-paths in LRIB (for troubleshooting only)
• By default: only best repair path in RIB (conserves memory)
supported attributes
interface-disjoint broadcast-interface-disjoint srlg downstream
node-protecting linecard-disjoint primary-path secondary-path lowest-metric
OSPF – IOS - Configuration
Interface config mode
[no] ip ospf fast-reroute per-prefix protection [disable]
• Primary routes pointing to this interface will not be protected
[no] ip ospf fast-reroute per-prefix candidate [disable]
• The interface will not be used for repair paths
• LFA SPF optimization:
• If interface cannot be used for repair paths then it is not needed to
run SPF with neighbors over this interface as root.
• For example: link from a router to stub site
• Reduced number of SPF: brings total LFA FRR SPF time down
OSPF IOS - Configuration
OSPF router config mode
[no] fast-reroute per-prefix remote-lfa [area area-id] tunnel mpls-ldp
[no] fast-reroute per-prefix remote-lfa [area area-id] maximum-cost distance
• Enable remote LFA globally or per area
• Only MPLS tunneling is supported
• If not configured, Directly Connected LFA can be active
• Configure a maximum cost for the LFA tunnel
Default Tie Breaking OSPF - IOS
Tie-Breaker option Description Default Values Comment
srlg (SRLG) Prefer LFA not sharing the same Share Link Group 10 Shared risk of links
primary-path (PrimPath) Prefer primary over secondary path 20 Backup is member of ECMP set
interface-disjoint (IntfDj) Prefer path over other interface than protected one 30
lowest-metric (CostWon) Prefer lower metric 40 The metric of the backup node to D
might be higher than metric of S to D
linecard-disjoint (LC Dj) Prefer path using different linecard 50 Different linecard means also
different interface, hence this is also
link protecting
node-protecting (NodeProt) Prefer node protecting over link protecting 60
broadcast-interface-disjoint
(BcastDj)
Prefer path not using broadcast segment 70
load-sharing (LoadShare) Distribute remaining candidates among prefixes
sharing the protected path
255 Not configurable.
This is the catch-at-the-end policy
downstream (Downstr) Prefer node closer to D than S - Disabled by default
secondary-path Prefer secondary over primary path - Disabled by default
OSPF IOS – Configuration - Exampleinterface Ethernet1/0
srlg gid 100
ip address 10.1.1.4 255.255.255.0
mpls ip
!
interface Ethernet2/0
ip address 10.1.2.4 255.255.255.0
ip ospf fast-reroute per-prefix protection disable
mpls ip
!
interface Ethernet2/0
srlg gid 100
ip address 10.1.2.4 255.255.255.0
!
interface Ethernet6/0
srlg gid 200
ip address 10.1.8.4 255.255.255.0
ip ospf fast-reroute per-prefix candidate disable
!
router ospf 1
prefix-priority high route-map lfa-ospf
fast-reroute per-prefix enable prefix-priority high
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
fast-reroute per-prefix remote-lfa maximum-cost 1000
fast-reroute per-prefix tie-break srlg index 10
fast-reroute per-prefix tie-break node-protecting index 20
fast-reroute keep-all-paths
network 10.1.0.0 0.0.255.255 area 0
!
ip prefix-list lfa-high seq 5 permit 10.0.0.0/8 ge 30
!
route-map lfa-ospf permit 10
match ip address prefix-list lfa-high
SRLG on interface
Enables LFA for high prefixes
Defines high prefixes with route-map
Tie break first SRLG, then
node-protecting, nothing else
Keep all repair paths in control
plane, not only the best one
No prefix with this interface
as next-hop gets protection
The interface will not be
used for repair paths
Enables remote-lfa
Max distance for PQ router is
1000
ISIS IOS – Configuration - Exampleinterface Ethernet5/0
ip address 10.1.7.4 255.255.255.0
ip router isis 1
mpls ip
isis network point-to-point
isis fast-reroute protection level-1 disable
!
interface Ethernet6/0
ip address 10.1.8.4 255.255.255.0
ip router isis 1
isis network point-to-point
isis fast-reroute candidate level-1 disable
!
interface Ethernet7/0
ip address 10.1.5.4 255.255.255.0
ip router isis 1
isis network point-to-point
isis fast-reroute exclude level-1 Ethernet5/0
!
router isis 1
net 49.0001.0000.0000.0001.00
is-type level-1
metric-style wide level-1
fast-reroute per-prefix level-1 route-map isis-lfa
fast-reroute tie-break level-1 downstream 10
fast-reroute tie-break level-1 node-protecting 20
fast-reroute remote-lfa level-1 mpls-ldp maximum-metric 1000
!
ip prefix-list loopbacks-level-1 seq 10 permit 10.100.1.0/25 ge 32
!
route-map isis-lfa permit 10
match ip address prefix-list loopbacks-level-1
No prefix with this interface
as next-hop gets protection
The interface will not be
used for repair paths
Interface Eth5/0 cannot be
repair-path for interface Eth7/0
Tie break first downstream, then
node-protecting, nothing else
Protect only primary /32 prefixes
Max distance for PQ router is
1000
Troubleshooting
VerifyingR1#show ip ospf fast-reroute
OSPF Router with ID (10.100.1.4) (Process ID 1)
Loop-free Fast Reroute protected prefixes:
Area Topology name Priority Remote LFA Enabled
0 Base High No
AS external Base High
Repair path selection policy tiebreaks:
10 srlg
20 node-protecting
256 load-sharing
OSPF/RIB notifications:
Topology Base: Notification Disabled, Callback Not Registered
Last SPF calculation started 00:02:50 ago and was running for 3 ms.
priority low would indicate that high
and low priority prefixes are protected
Checking the Coverage
R1#show ip ospf fast-reroute prefix-summary
Area 0:
Interface Protected Primary paths Protected paths Percent protected
All High Low All High Low All High Low
Se6/0 Yes 5 2 3 2 2 0 40% 100% 0%
Se5/0 Yes 8 5 3 2 2 0 25% 40% 0%
Se3/0 Yes 0 0 0 0 0 0 0% 0% 0%
Se2/0 Yes 3 2 1 2 2 0 66% 100% 0%
Et0/0 Yes 11 6 5 3 3 0 27% 50% 0%
Area total: 37 21 16 13 13 0 35% 61% 0%
Process total: 37 21 16 13 13 0 35% 61% 0
Coverage in percentage
Per area
Per interface
High - low
# paths: counted as prefixes with unique path
so a prefix with 2 next hops in the RIB is counted as 2 paths
Verifying Repair-PathsP1#show ip route repair-paths
...
O 10.100.1.3/32 [110/11] via 10.1.3.3, 01:42:28, Ethernet3/0
Repair Path: 10.1.7.8, via Ethernet5/0
[RPR][110/21] via 10.1.7.8, 01:42:28, Ethernet5/0
P1#show ip route 10.100.1.3
Routing entry for 10.100.1.3/32
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 10.1.3.3 on Ethernet3/0, 01:47:36 ago
Routing Descriptor Blocks:
* 10.1.3.3, from 10.100.1.3, 01:47:36 ago, via Ethernet3/0
Route metric is 11, traffic share count is 1
Repair Path: 10.1.7.8, via Ethernet5/0P1#show ip ospf rib 10.100.1.3
OSPF Router with ID (10.100.1.4) (Process ID 1)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator
*> 10.100.1.3/32, Intra, cost 11, area 0
SPF Instance 52, age 03:21:53
Flags: RIB, HiPrio
via 10.1.3.3, Ethernet3/0
Flags: RIB
LSA: 1/10.100.1.3/10.100.1.3
repair path via 10.1.7.8, Ethernet5/0, cost 21
Flags: RIB, Repair, IntfDj, BcastDj, LC Dj
LSA: 1/10.100.1.3/10.100.1.3P1#show ip cef 10.100.1.3/32
10.100.1.3/32
nexthop 10.1.3.3 Ethernet3/0 label [implicit-null|17]
repair: attached-nexthop 10.1.7.8 Ethernet5/0
RIB
LRIB
FIB (CEF)
Troubleshooting – Remote LFA
Verify repair Verify PQ routerVerify targeted LDP session
Verify MPLS labels
R1#sh ip route 10.100.1.5
Routing entry for 10.100.1.5/32
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 10.1.4.5 on Serial5/0, 01:38:12 ago
Routing Descriptor Blocks:
* 10.1.4.5, from 10.100.1.5, 01:38:12 ago, via Serial5/0
Route metric is 11, traffic share count is 1
Repair Path: 10.100.1.11, via MPLS-Remote-Lfa4
Troubleshooting – Remote LFA
Verify repair Verify PQ routerVerify targeted LDP session
Verify MPLS labels
R1#show ip ospf rib 10.100.1.5
*> 10.100.1.5/32, Intra, cost 11, area 0
SPF Instance 81, age 1d17h
Flags: RIB, HiPrio
via 10.1.4.5, Serial5/0
Flags: RIB
LSA: 1/10.100.1.5/10.100.1.5
repair path via 10.100.1.11, MPLS-Remote-Lfa4, cost 31
Flags: RIB, Repair, IntfDj, BcastDj, LC Dj, LoadShare
LSA: 1/10.100.1.5/10.100.1.5
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
MPLS-Remote-Lfa4 10.1.5.1 YES unset up up
MPLS-Remote-Lfa5 10.1.4.1 YES unset up up
PQ router
Troubleshooting – Remote LFA
Verify repair Verify PQ routerVerify targeted LDP session
Verify MPLS labels
R1#show ip ospf fast-reroute remote-lfa tunnels
Interface MPLS-Remote-Lfa4
Tunnel type: MPLS-LDP
Tailend router ID: 10.100.1.11
Termination IP address: 10.100.1.11
Outgoing interface: Ethernet0/0
First hop gateway: 10.1.5.6
Tunnel metric: 21
Protects:
10.1.4.5 Serial5/0, total metric 31
...
PQ router
What primary next-hops are
protected? (could be more
than one)
Troubleshooting – Remote LFA
Verify repair Verify PQ routerVerify targeted LDP session
Verify MPLS labels
R1#sh mpls ldp neighbor 10.100.1.11
Peer LDP Ident: 10.100.1.11:0; Local LDP Ident 10.100.1.1:0
TCP connection: 10.100.1.11.43185 - 10.100.1.1.646
State: Oper; Msgs sent/rcvd: 72/72; Downstream
Up time: 00:28:54
LDP discovery sources:
Targeted Hello 10.100.1.1 -> 10.100.1.11, active
Addresses bound to peer LDP Ident:
10.1.13.11 10.1.18.11 10.1.14.11 10.100.1.11
R1#sh mpls ldp discovery
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.100.1.6:0
Targeted Hellos:
10.100.1.1 -> 10.100.1.11 (ldp): active, xmit/recv
LDP Id: 10.100.1.11:0
The Targeted LDP Session could be set up either by configuration or the FRRManager
Troubleshooting – Remote LFA
Verify repair Verify PQ routerVerify targeted LDP session
Verify MPLS labels
R1#show ip cef 10.100.1.5 detail
10.100.1.5/32, epoch 0
local label info: global/33
nexthop 10.1.4.5 Serial5/0 label [implicit-null|37]
repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4
nexthop 10.100.1.11 MPLS-Remote-Lfa4, repair
R1#show mpls ldp bindings 10.100.1.5 32
lib entry: 10.100.1.5/32, rev 50
local binding: label: 33
remote binding: lsr: 10.100.1.2:0, label: 37
remote binding: lsr: 10.100.1.4:0, label: 36
remote binding: lsr: 10.100.1.5:0, label: imp-null
remote binding: lsr: 10.100.1.11:0, label: 37remote LFA label received from the PQ node over
the targetted session
remote LFA label
primary label
Troubleshooting - Debugging
R1#debug ip ospf fast-reroute rib ?
<1-199> Access list
<1300-2699> Access list (expanded range)
<cr>
See next two slidesR1#debug ip ospf fast-reroute spf ?
detail Print more debugging detail
<cr>
Troubleshooting - Debugging
OSPF-1 INTRA: Running SPF for area 0, SPF-type Full
A major change in the network causes OSPF to run a full SPF and FRSPF
OSPF-1 FRSPF: Scheduling IPFRR SPF, change 'X', area dummy area, instance 440
...
OSPF-1 FRSPF: Create list of candidate neighbors for intra SPF in area 0
OSPF-1 FRSPF: Adding neighbor 10.100.1.8 via Serial6/0 to SPF work queue
OSPF-1 FRSPF: Adding neighbor 10.100.1.7 via Ethernet0/0 to SPF work queue
...
OSPF-1 FRSPF: Intra-area calcualtion for neighbor 10.100.1.7 in area 0
Normal full SPF
Adding router LSAs and building SPT
Adding summaries, externals, etc.
Start of FRSPF
The neighbors of the
calculating router for which
rSPF will be run
rSPF for one neighbor
RmtLFA is enabled: extended
P-space is built as well
P legs are stored in the remote
LFA tree
OSPF-1 FRSPF: Add router 10.100.1.7 to P-space via neighbor 10.100.1.7
OSPF-1 FRSPF: Adding first hop via 10.1.5.7 Ethernet0/0
...
Troubleshooting - Debugging
OSPF-1 FRSPF: Need RmtLFA tunnel for primary gateway 10.1.1.2 Serial2/0 in area 0 due to unprotected 10.1.7.0/24
...
OSPF-1 FRSPF: RmtLFA starting rSPF in area 0
OSPF-1 FRSPF: Found router 10.100.1.11 in Q-space of gateway 10.1.5.6 Eth0/0
OSPF-1 FRSPF: protecting via 10.1.4.5 Serial5/0 with tunnel/total cost
20/30, flags (Repair, IntfDj, BcastDj, SRLG, LC Dj)
OSPF-1 FRSPF: currently best known tunnel
%LDP-5-NBRCHG: LDP Neighbor 10.100.1.13:0 (3) is UP
OSPF-1 FRSPF: Place tunnels in area 0
OSPF-1 FRSPF: Starting RmtLFA scan
OSPF-1 FRSPF: Intra-area reverse SPF calcualtion for neighbor 10.100.1.6 in area 0
Start RmtLFA scan
Neighbors for which there is at least one
unprotected prefix: remote LFA will be
checked (but not necessarily found) for
these neighbors
Start rSPF for RmtLFA
Run rSPF for each of the next-hops,
with the next-hop as root
Found Q leg
Trying to match P legs and Q
legs, resulting in PQ nodes
Tunnels are placed to PQ nodes
One or more Targetted LDP neighbors come up
OSPF – Per Neighbor Table
D(N,D) < D(N,E) + D(E,D)
D(N,D) equals D(S,D)viaN - D(S,N)
D(S,D)viaN - D(S,N) < D (N,E) + D(S,D) - D(S,E)
D(N,E) + D(E,D) equals D (N,E) + D(S,D) - D(S,E)
S
E is the primary
next hop router
N is the protecting
next hop router
E
N
D
Base LFA condition
Distance from N to D is not needed and hence D(N,D) is not stored– The distance from a neighbor to all other routers is not needed– The same applies to D(E,D)
Some info needs to be stored in new tables to be used by partial SPF in between full SPFs: per-neighbor table
Stored in LRIB (primary path)
Stored in LRIB (repair path)
Stored in per neighbor table
D(S,N) & D(S,E) stored internally
Per-Neighbor TableExample for one neighbor
R1# show ip os neighbor fast-reroute | begin ID 10.100.1.2
Neighbor with Router ID 10.100.1.2:
Reachable over:
Serial2/0, IP address 10.1.1.2, cost 10
Router distance table:
10.100.1.1 i [10]
10.100.1.2 i [0]
10.100.1.3 i [10]
10.100.1.9 i [25]
10.100.1.10 i [30]
10.100.1.13 i [40]
Network LSA distance table:
10.1.5.7 i [20]
External LSA forwarding address distance table:
10.200.1.2 i [50] via 10.200.1.0/24
neighbor N of S
(root of SPF)
D(S,N)
neighbors E of S
with D(N,E)
ABRs/ASBRs with
D(N,ABR/ASBR)
D(N,PN)
cost from N to DR
equivalent info as “show …” command on router with ID 10.100.1.2
R2#show ip ospf border-routers
i 10.100.1.9 [25] via 10.1.1.1, Serial2/0, ASBR, Area 0, SPF 25
i 10.100.1.10 [30] via 10.1.7.3, Serial3/0, ABR, Area 0, SPF 25
i 10.100.1.13 [40] via 10.1.1.1, Serial2/0, ABR/ASBR, Area 0, SPF 25
R2# show ip route 10.200.1.2
Routing entry for 10.200.1.0/24
Known via "ospf 1", distance 110, metric 50, type intra area
Last update from 10.1.1.1 on Serial2/0, 2d23h ago
Routing Descriptor Blocks:
* 10.1.1.1, from 10.100.1.13, 2d23h ago, via Serial2/0
Route metric is 50, traffic share count is 1
R2#show ip ospf database network
LS Type: Network Links
Link State ID: 10.1.5.7 (address of Designated Router)
Advertising Router: 10.100.1.7
Length: 36
Network Mask: /24
Attached Router: 10.100.1.7
i intra-area route
I inter-area route
N
S
(R2)
To Forwarding Address
IOS-XRRP/0/RP1/CPU0:MeltDown#show route
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is 10.48.32.1 to network 0.0.0.0
O E2 1.1.1.1/32 [110/0] via 10.1.2.7, 00:08:34, GigabitEthernet0/0/4/0 (!)
[110/20] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3
O 10.1.8.0/24 [110/2] via 10.1.7.4, 00:31:10, GigabitEthernet0/0/4/2
O 10.1.9.0/24 [110/3] via 10.1.7.4, 00:08:34, GigabitEthernet0/0/4/2
[110/0] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 (!)
Troubleshooting OSPF - IOS-XRRP/0/RP1/CPU0:MeltDown#show ospf
…
IPFRR per-prefix tiebreakers:
Name Index
No Tunnel (Implicit) 255
Node Protection 40
Line-card Disjoint 30
Lowest Metric 20
Primary Path 10
Downstream 0
Secondary Path 0
SRLG Disjoint 0
…
Area BACKBONE(0)
Number of interfaces in this area is 4
SPF algorithm executed 24 times
Number of LSA 12. Checksum Sum 0x045507
…
Flood list length 0
Number of LFA enabled interfaces 3, LFA revision 29
Number of Per Prefix LFA enabled interfaces 3
Number of neighbors forming in staggered mode 0, 2 full
Default or configured tie breakers
Troubleshooting OSPF - IOS-XR
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 backup-path
Codes: O - Intra area, O IA - Inter area
O E1 - External type 1, O E2 - External type 2
O N1 - NSSA external type 1, O N2 - NSSA external type 2
O 10.1.100.6/32, metric 3 area 0.0.0.0
10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, path-id 1
Backup path:
10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, protected bitmap 0x1
Attribues: Metric: 2, Downstream, Node Protect, SRLG Disjoint
RP/0/RP1/CPU0:MeltDown#show ospf statistics fast-reroute
ospf_show_stats_ipfrr
OSPF 1 IPFRR Statistics:
Number of paths: 16
Number of paths enabled for protection : 16 (100%)
Number of paths protected: 13 (81%)
Troubleshooting Roundup• LFA coverage might not be 100%
• LFA is default only for /32 prefixes
• LFA enabled for external prefixes?
• Potential Remote LFA issues
• LDP targeted session enabled?
• Enable “fast-reroute keep-all-paths” in IOS in order to easily compare the path attributes
• Use show commands (IOS or IOS-XR equivalent commands)• show ip route <prefix>
• show ip route repair <prefix>
• show ip ospf rib <prefix>
• show ip cef <prefix>
• Use debug commands
EIGRP
EIGRP - LFA
• Only Per-Prefix LFA
• EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the successor and feasible successors
• Uses existing Feasible Successors for repair paths, so no additional computational load
• New: repair route is ready in the data plane
• Automatically enabled on all interfaces covered by the protocol
• Repair paths can be equal or unequal cost (though variance command)
Feasible Successor
256*
min
107
delays
bandwidthmetric
router#show ip eigrp topology 10.1.100.1 255.255.255.255
EIGRP-IPv4 VR(one) Topology Entry for AS(1)/ID(10.1.100.3) for 10.1.100.1/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1376256, RIB is 10752
Descriptor Blocks:
10.1.11.1 (GigabitEthernet1/10), from 10.1.11.1, Send flag is 0x0
Composite metric is (1376256/131072), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 11000000 picoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Originating router is 10.1.100.1
10.1.5.7 (GigabitEthernet1/4), from 10.1.5.7, Send flag is 0x0
Composite metric is (1376583/131399), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 11005000 picoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1000
Hop count is 2
Originating router is 10.1.100.1
Feasibility Condition (loopfree) = Reported Distance (RD) by neighbor is lower than Feasible Distance (FD)
Feasible Distance (FD)
Reported Distance (RD)
Successor
Feasible Successor
RD < FD
131399 (RD) < 137625 (FD)
Repair Path
IP-FRR LFA enabled?
EIGRP - LFA
• Coverage is not necessarily 100%
• Design the network to have Feasible Successors
E1
N
S
E2
E4
E3
D
100100
Successor
FD = 200
300 150
190
210
300
200
50
50
Feasible Successors
Non-Feasible Successors
Primary Path
Potential Repair Paths
Configuration & Troubleshootingrouter eigrp one
!
address-family ipv4 unicast autonomous-system 1
!
topology base
fast-reroute per-prefix all
exit-af-topology
network 10.0.0.0
router#show ip eigrp topology frr
P 10.1.100.1/32, 1 successors, FD is 1376256
via 10.1.11.1 (1376256/131072), GigabitEthernet1/10
via 10.1.5.7 (1376583/131399), GigabitEthernet1/4, [LFA]
• [no] fast-reroute load-sharing disable
• [no] fast-reroute per-prefix {all|route-map}
• [no] fast-reroute per-prefix tiebreak {lowest-backup-path-metric | interface-disjoint | linecard-disjoint | srlg-disjoint} <priority number>
• debug eigrp frr
• show ip eigrp topology frr
TI-LFA
• Leverages Segment Routing (SR)
• Can provide 100% coverage
• What is Segment Routing?
• Source routing – ordered list of segments
• Stack of MPLS labels
• IPv6 Routing Extension
• MPLS labels are advertised by the IGP
• Simplicity
• TI-LFA = SR + LFA
• TI-LFA provides Link and Node Protection
• TI-LFA uses P/Q nodes
Topology Independent (TI) LFA
A B C D
E F G H
I
319
1900
2000
319
1900
2000
319
1900
319
segment 1segment 2
segment 3
319
TI-LFA IOS-XR Example
P Q
A
B
C
D
G
F
E
1
1
1
10
1
1
segment 1
segment 3
segment 2319
1900
319319
1900
2000
• Calculate P and Q space
• Calculate post-convergence path
• Find P and (adjacent) Q router
• P and Q can be different router!
• Almost full coverage with 2 segments (~99%)
• Prefer less segments
• Fallback to remote LFA if TI-LFA finds no repair paths
• Enabled by configuration
• Prefer least amount of segments
• Node protection preferred over link protection
• Less tie-breakers
• load-share, lowest-backup-metric, lc-disjoint and srlg-disjoint
• Use post-convergence path
• Less convergence
• No need for targeted LDP session
TI-LFA IOS-XRrouter ospf 1
router-id 10.100.1.2
fast-reroute per-prefix ti-lfa enable
MATE
• Modeling, simulating, forecasting, planning, optimization, analysis of complex networks
• Offline and online
• Network discovery
• IGP, BGP, MPLS TE, QOS, Layer, VPN, and multicast
• IPFRR-LFA Add-on
• TI-LFA Add-on
MATE
Technote on MATE IPFRR LFA Add-on
http://www.cisco.com/c/en/us/support/docs/routers/mate-design/118769-technote-ipfrr-00.html
IPFRR LFA Add-on
IPFRR LFA Coverage/PQ Node
100% coverage
0% coverage0% < coverage < 100%
Conclusion
Conclusion
TI-LFA
Remote LFA
Direct LFA
Topology coverage
ring
square
little
meshed
extreme link
metrics
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you
Appendix
Configuration IOS-XR - OSPFCommand Router / Interface Comment
fast-reroute per-prefix router/interface
fast-reroute per-link router/interface
fast-reroute per-prefix exclude interface {interface-name} interface
fast-reroute per-prefix lfa-candidate interface {interface-name}
interface used for allowing TE tunnel (explicit-path)
other interface types are by default on the lfa-candidate list
fast-reroute per-prefix use-candidate-only interface
[no] fast-reroute per-link use-candidate-only interface
fast-reroute per-link lfa-candidate interface {interface-name} interface
Configuration IOS-XR - OSPF
Command Router /
Interface
Comment
fast-reroute per-prefix load-sharing disable router
fast-reroute per-prefix priority-limit [critical|high|medium] router same or higher priority only will be calculated
fast-reroute per-link priority-limit [critical|high|medium] router
fast-reroute per-prefix remote-lfa tunnel mpls-ldp router
fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> router
fast-reroute {per-prefix|per-link} use-candidate-only router
fast-reroute per-prefix tiebreaker {downstream | lc-disjoint | lowest-
backup-metric | lowest-backup-metric | primary-path | secondary-path} index <value>
router
Configuration IOS-XR - ISISCommand Router /
Interface
Comment
fast-reroute {per-link|per-prefix} Interface
fast-reroute per-prefix exclude interface {interface-name} Interface
fast-reroute per-prefix lfa-candidate interface {interface-name} Interface used for allowing TE tunnel (explicit-path)
other intf types are by default on the lfa-candidate list
fast-reroute per-prefix level {1-2} Interface both L1 and L2 can be enabled
fast-reroute per-prefix load-sharing disable Router
fast-reroute per-prefix priority-limit [critical|high|medium] Router same or higher priority only will be calculated
fast-reroute per-prefix use-candidate-only Router
fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-
backup-metric|lowest-backup-metric|primary-path|secondary-path} index <value>
Router
fast-reroute per-prefix remote-lfa tunnel mpls-ldp Router
fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> Router
Configuration IOS-XR - ISIS
Command Router /
Interface
Comment
fast-reroute per-link lfa-candidate interface {interface-name} Interface
fast-reroute per-link exclude {interface-name} Interface
fast-reroute per-link level {1-2} Interface both L1 and L2 can be enabled
fast-reroute per-link priority-limit [critical|high|medium] Router same or higher priority only will be calculated
fast-reroute per-link use-candidate-only Router
Default Tie Breaking ISIS - IOSTie-Breaker option Description Default values
IOS ISIS
Comment
srlg (SRLG) Prefer LFA not sharing the same Share Link Group 10 Shared risk of links
primary-path (PrimPath) Prefer primary over secondary path 20 Backup is member of
ECMP set
lowest-backup-path-metric Prefer lower metric 30 The metric of the backup
node to D might be higher
than metric of S to D
linecard-disjoint (LC Dj) Prefer path using different linecard 40 Different linecard means
also different interface,
hence this is link protecting
node-protecting (NodeProt) Prefer node protecting over link protecting 50
load-sharing (LoadShare) Distribute remaining candidates among prefixes sharing
the protected path
255 Not configurable.
This is the catch-at-the-end
policy
downstream (Downstr) Prefer node closer to D than S - Disabled by default
secondary-path Prefer secondary over primary path - Disabled by default
Default Tie Breaking OSPF – IOS-XR
Tie-Breaker option Description Default values
IOS-XR OSPF
Comment
node-protecting 40
lc-disjoint Prefer path using different linecard 30 Different linecard means also
different interface, hence this
is link protecting
lowest-backup-metric Prefer lower metric 20
primary-path Prefer primary over secondary path 10 Prefer primary over
secondary path
Downstream Prefer node closer to D than S 0
SRLG-disjoint Prefer LFA not sharing the same Share Link
Group
0
secondary-path Prefer secondary over primary path 0
load-sharing (LoadShare) Distribute remaining candidates among
prefixes sharing the protected path
255 Can be disabled
0 = not considered
Default Tie Breaking ISIS – IOS-XRTie-Breaker option Description Default values
IOS-XR ISIS
Comment
primary-path (PrimPath) Prefer primary over secondary path 10 Backup is member of
ECMP set
lowest-backup-path-metric Prefer lower metric 20 The metric of the backup
node to D might be higher
than metric of S to D
linecard-disjoint (LC Dj) Prefer path using different linecard 30 Different linecard means
also different interface,
hence this is link protecting
node-protecting (NodeProt) Prefer node protecting over link protecting 40
load-sharing (LoadShare) Distribute remaining candidates among prefixes sharing
the protected path
255 Not configurable.
This is the catch-at-the-end
policy
srlg (SRLG) Prefer LFA not sharing the same Share Link Group - Disabled by default
downstream (Downstr) Prefer node closer to D than S - Disabled by default
secondary-path Prefer secondary over primary path - Disabled by default
Default Tie Breaking EIGRP– IOS
Tie-Breaker option Description Default values
IOS OSPF
Comment
srlg (SRLG) Prefer LFA not sharing the same Share Link Group 10 Shared risk of links
interface-disjoint (IntfDj) Prefer path over other interface than protected one 20
lowest-backup-path-metric Prefer lower metric 30 The metric of the backup
node to D might be higher
than metric of S to D
linecard-disjoint (LC Dj) Prefer path using different linecard 40 Different linecard means
also different interface,
hence this is link protecting
Troubleshooting ISIS - IOS
R1#show isis fast-reroute summary
Tag null:
Microloop Avoidance State: Disabled
IPv4 Fast-Reroute Protection Summary:
Prefix Counts: Total Protected Coverage
High priority: 0 0 0%
Normal priority: 30 26 86%
Total: 30 26 86%
Troubleshooting ISIS - IOSrouter#show isis rib 10.1.100.7 255.255.255.255
IPv4 local RIB for IS-IS process one
IPV4 unicast topology base (TID 0, TOPOID 0x0) =================
Repair path attributes:
DS - Downstream, LC - Linecard-Disjoint, NP - Node-Protecting
PP - Primary-Path, SR - SRLG-Disjoint
10.1.100.7/32
[115/L1/20] via 10.1.5.7(GigabitEthernet1/4), from 10.1.100.7, tag 0, LSP[6/17]
(installed)
repair path: 10.1.6.7(GigabitEthernet1/5) metric:20 (PP,DS,SR) LSP[6]
[115/L1/20] via 10.1.6.7(GigabitEthernet1/5), from 10.1.100.7, tag 0, LSP[6/17]
(installed)
repair path: 10.1.5.7(GigabitEthernet1/4) metric:20 (PP,DS,SR) LSP[6]
repair path attributes
Troubleshooting ISIS - IOS
router#debug isis fast-reroute path-selection ?
<1-199> Access list of prefixes
<1300-2699> Access list (expanded range)
level-1 Apply to Level 1
level-2 Apply to Level 2
terse Minimal fast-reroute path selection debug
<cr>
Limit output by using ACL when
debugging
fSPF runs
500 ms after SPF
per-level
debug isis fast-reroute path-selection
show isis fast-reroute remote-lfa tunnels
Troubleshooting Per-Link LFA – IOS-XR
RP/0/RP1/CPU0:PE1#show ospf neighbor 10.1.100.7
* Indicates MADJ interface
Neighbors for OSPF ldg
Neighbor 10.1.100.7, interface address 10.1.2.7
In the area 0 via interface GigabitEthernet0/0/4/0
Neighbor priority is 1, State is FULL, 6 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:32
Neighbor is up for 00:07:30
Number of DBD retrans during last exchange 0
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
LFA Info: Interface GigabitEthernet0/0/0/3, Next-Hop 10.1.11.3, Neighbor ID 10.1.100.3, revision 48
LS Ack list: NSR-sync pending 0, high water mark 0