IP LFA (Loop-Free-Alternative): Architecture and Troubleshooting BRKRST-3020
Luc De Ghein Technical Leader Services
Agenda § Introduction § LFA Overview § LFA Architecture – Per-link vs per-prefix – Repair path selection and tie-breakers – Remote LFA – Repair path in data plane
§ Configuration, implementation and troubleshooting (OSPF, ISIS, EIGRP) in IOS and IOS-XR § Conclusion
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3
Introduction
Introduction § Best-effort traffic delivery for IPv4/v6 was good enough § Service failures caused by routing transitions are largely hidden by higher-level protocols that retransmit the lost data § But, this not good enough anymore for voice and video traffic § We need something better: IP-FRR – Low-hanging fruit – MPLS is not needed
§ One implementation is LFA § IPv4 is used throughout the presentation – same principles apply to IPv6
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
5
Goal - Benefits § Provide FAST restoration of traffic flow in case of network failure – Designed to give the same speed of recovery as MPLS TE FRR
§ Does not require MPLS to function (though may protect MPLS traffic if present) – Remote LFA does require MPLS at this time
§ The goal was to provide 50 ms restoration (actual speed depends on platform) § Protect – – – –
One single link failure One single node failure No path protection Multiple failure conditions are not covered
§ Simpler than MPLS TE FRR to configure and operate § Good scalability § Incremental deployment – no inter-router signaling specific to LFA FRR BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
No signaling protocol
6
LFA Overview
Convergence, Protection, Restoration § Convergence – In case of failure, the routing protocol computes new best path – New best path gets installed in data plane
1-5 sec
§ Fast convergence – Same as above, but faster – Tuned routing protocol
< 1 sec
§ Pre-computed backup path – For speed: pre-computed backup/repair path needed, in data plane
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
50-100 msec
8
LFA and MPLS TE Comparison LFA FRR
MPLS TE FRR
Repair Path
Least cost
Constraints based with bandwidth guarantee and path control
Link Protection
Yes
Yes
Node Protection
Yes
Yes
Path Protection
No
Yes
Control Plane Requirements
None
RSVP-TE
Provisioning
Minimal Configuration
Significant
Network Topology
Effective with mesh
No dependency. Always works.
SRLG
Yes
Yes
Load distribution over multiple repair paths
Yes
No
IPv6 support
Yes
No
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
Reducing Loss Of Connectivity (LoC) Control Plane Fast Convergence
Data Plane Convergence (FRR)
t0 Failure Detection t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation t3 Update Routing and Forwarding Table (RIB/FIB)
t0 Failure Detection tR Switchover to (pre-computed) backup path t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation t3 Update Routing and Forwarding Table (RIB/FIB)
LoC
t0
t1
t2
failure
LoC
t3
t4
t0 tR t1
t2
t3
t4
failure BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10
LFA Architecture
Principal Idea Behind LFA repair path R3
R1
R2
primary path § R1 has best path : R1-R2 § R1 computes repair path R1-R3-R2 = Loop-Free Alternate (LFA) – Repair path does not go over link R1-R2 – Next hop router R3 delivers traffic to destination without returning the traffic to R1
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
Building Blocks of LFA Requirement
Building Block of LFA
Speed
Pre-compute repair path
Speed of restoration
Put repair path in data plane (CEF)
Fast detection
Fast Link down detection – best to use BFD
Cleanup
Normal convergence occurs after the event
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13
Principal Mechanism of LFA Normal Shortest Path Calculation (SPF) topology
SPT
root router &
A
A
10 B
10
20 10
10
E
D
F
30 10
10 10
E
30
10 G
C
10
30
10
calculating node
10
B
C
10
D
SPF
10
10 G
H
F
H
10 G
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
Principal Mechanism of LFA The trick = calculating router runs SPF with other router as root topology
SPT calculating node
10
D
10
10
B
SPF
C
20
10 10
root router
C
A
10
E
A
E
10
30
10
10
B
F
30
10 D
30
10
G
F
10
10 G
10
H
reverse SPF = rSPF
§ All of the LFA (directly connected and remote) is made possible by the calculating router running an SPF with its neighbor(s) as root – An SPF with any router in the area as root is not needed (but could be theoretically done) BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
H
10 G
15
General Theory – Definitions primary path E
S
D N
Name
Definition
S
Source (local) router
The router where all calculations are done
D
Destination router
The router where the prefixes are connected
N
Neighboring router
The neighbor router which is the alternate next hop router under investigation
E
Another neighboring router
The primary next hop router
D(A,B)
Distance
The lowest cost from A to B
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
16
General Theory - Rules Loop Free Alternate
E is the primary next hop router
Inequality 1: D(N,D) < D(N,S) + D(S,D) “Path is loop-free because N’s best path is not through local router.” Traffic sent to backup next hop is not sent back to S.
E
Downstream Path Inequality 2: D(N,D) < D(S,D)
S
D
“Neighbor router is closer to the destination than local router.” Loop-free is guaranteed even with multiple failures (if all repair-paths are downstream path). N
Node protection
N is the protecting next hop router
Inequality 3: D(N,D) < D(N,E) + D(E,D) “N's path to D must not go through E.” “The distance from the node N to the prefix via the primary next-hop is strictly greater than the optimum distance from the node N to the prefix.“ BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
17
General Theory - Rules Loop Free Link Protecting for Broadcast Link Inequality 4: D(N,D) < D(N,PN) + D(PN,D) “the link from S to N should not be the same as the protected link” “the link from N to D should not be the same as the protected link”
0
S
0
N
PN
D
0
E
PN = PseudoNode representing the BroadCast link with cost 0 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18
General Theory Examples
10
D(N,D) < D(N,S) + D(S,D)
Loop Free Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node protection
Inequality 1: 11 < 12 + 15 ?
5
E
Inequality 1
Inequality 2: 11 < 15 ? S
D
12
11
Inequality 3: 11 < 16 + 5 ?
N
10
E
Inequality 1: 20 < 12 + 15 ?
5
Inequality 2: 20 < 15 ? S
D
12
20
Inequality 3: 20 < 22 + 5 ?
N
10
Inequality 1: 25 < 12 + 15 ?
5
E
20 S
D
Inequality 2: 25 < 15 ?
12 N BRKRST-3020
Inequality 3: 25 < 20 + 5 ? © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
General Theory Examples Bis
22
Inequality 1: 25 < 10 + 27 ?
5
E
Inequality 2: 25 < 27 ?
20
S
D(N,D) < D(N,S) + D(S,D)
Loop Free Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node protection
D
20
Inequality 3: 25 < 20 + 5 ?
N
10
Inequality 1
E
Inequality 1: 27 < 12 + 15 ?
5
S
D
12
Inequality 2: 27 < 15 ?
27 N
BRKRST-3020
Inequality 3: 27 < 22 + 5 ?
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20
General Theory Example 4th Inequality “the link from S to N should not be the same as the protected link” “the link from N to D should not be the same as the protected link” 8
10
25
Inequality 1
D(N,D) < D(N,S) + D(S,D)
Loop Free Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node protection
Inequality 4
D(N,D) < D(N,PN) + D(PN,D)
Loop Free Alternate BC
N
0 10 21
S
0
D
PN 0
11
10
D(N,D) = 21 and path goes through the PN
E
Inequality 4: 21 < 10 + 11 ?
BRKRST-3020
Loop-free for BC link
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21
General Theory Per-Link versus Per-Prefix LFA Per-Prefix
Per-Link D1
10 10
N1
10
10
10 10
D1
5 E
D1 + D2
5 N2
10
10
D1
5
S
10
N1
E
S
10 D2
§ Backup path carries traffic for all destinations through primary next hop § There is no difference in path for prefixes to D1 or D2 § Can lead to overloaded links S-N2 and N2-E § Node protection is possible, but not guaranteed (topology dependent) § Node protection if path is S-N1-D1, but then suboptimal path for prefixes to D2
D2
10
5 N2
10 D2
§ Two different backup path can carry traffic for different prefixes through primary next hop, and hence produce better load sharing § More complex calculations than per-link LFA, computation is for each neighbor of S and perprefix
Per-Link LFA or per-prefix LFA is chosen per interface!
§ Simple computation, single rSPF per protected neighbor BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
22
Inequality 1
D(N,D) < D(N,S) + D(S,D)
General Theory
Loop Free Alternate
Per-Link versus Per-Prefix LFA: Coverage Per-Link
Per-Link 10
N
15
20
B
S
10
15
X
20
B
S
10
10 E
X+Y
15
N
X
10 E
X+Y
Y
Y
§ E is primary next-hop for prefixes X and Y
§ E2 is primary next-hop for prefixes X and Y
§ Inequality 1 : prefix X : 15 < 10 + 20
§ Inequality 1 : prefix X : 15 < 15+ 20
§ Inequality 1 : prefix Y : 20 < 10 + 10
§ Inequality 1 : prefix Y : 20 < 15 + 10
§ No protection for prefix X and Y !
§ Protection for prefix X and Y !
Conclusion? BRKRST-3020
All or nothing (prefixes) with Per-Link LFA
Prefixes reachable through the same primary next-hop, share the same backup
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
23
General Theory Per-Link LFA Limitation 30 16
N1
70
Prefix from D1, NH = D1, cost = 30 Prefix from D2, NH = S, cost = 81 40
D1
5 30
E
S
5
20 N2
16
30 D2
N1
70
40
D1
5 E
S
15
20 N2
30 D2
Prefix from D1, NH = S, cost = 51 Prefix from D2, NH = E, cost = 50
§ Traffic to D2 is forwarded to E on N2
§ Traffic to D1 is forwarded to D1
§ Traffic to D1 is U-turned on N2, back to S
§ Traffic to D2 is U-turned on N1, back to S
Conclusion? BRKRST-3020
Per-Link LFA does not always work
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
24
General Theory Comments/Coverage § LFA
S
– Very good network coverage – µ–loops possible
E
D
§ Downstream paths – No µ–loop possible – Less network coverage
N
link- without node-protection can cause microloop
§ Ring topology: no coverage
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
25
Load Balancing/ECMP § ECMP : more than one primary next hop § The other primary next hops might provide: • • •
only link protection only node protection both link and node protection
alternate path
18
10
N1
14
Depending on the defaults and configuration, the althernate NHs can be another primary NH or an alternate nonprimary NH
10
S
D 10
14
N2 5
5
primary path
Using primary NH as alternate NH •
Pro: no µ–loop possible
•
Con: congestion is possible
N3 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26
IP-FRR and MPLS § LDP follows the topology calculated by the routing protocol § LDP requirement: Downstream Unsolicited; Liberal Retention – No issue (always, except for ATM interfaces)
§ Forwarding plane considers the fact that protecting label is different for each prefix – Same LFA but different protecting label per prefix
§ IP FRR transparently supports VPN, VPLS, 6PE/6VPE – Check if it is supported
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
27
Micro-Loops § A loop – short in time § Resolved by normal link state convergence, i.e. loop until first SPF § During the reconvergence period some routers in the network forward traffic based on the 'old' forwarding table and some routers have already switched to use the 'new' forwarding table § Result of difference in updating speed on routers – CPU, forwarding ASICs, difference in distance in topology
§ Duration of loops is bounded by the reconvergence time of the slowest routers § Microloop can happen close to the failure or far from it § Loop is after S reconverges, but other router did not finish reconverging yet
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
28
Micro-Loops rLFA tunnel
§ Link failure S-D – – – – –
t0 Link failure detected tR IP-FRR kicks in on S t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation (SPF runs on S) t3-t4 Update Routing and Forwarding Table (RIB/FIB)
§ t4 end of updating on S § t5 end of updating on N § [t3-t4]-[t4-t5] N still has route for D, pointing to S: loop § t5 loop resolved: N finished updating its tables: then route for D points to R1 failure BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
N
R1
R2
S
D
LoC
t0 tR t1
loop
t2
t3
Cisco Public
t4
t5 29
Micro-Loops § Micro loops – A loop – short in time – Resolved by normal link state convergence, i.e. loop until first SPF
§ Methods are proposed to prevent micro-loops (RFC 5715) – Is it worth it?
§ Solution – Routers connected to failed link delay updating forwarding table § Until all other routers have converged – RIB delay timer
§ In the meantime, traffic remains on rLFA protected path
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
30
Remote LFA The Problem & The Solution The problem § Directly connected LFA does not cover all – No neighbor is found which is an LFA – Remote LFA covers more – Typically a ring topology will need remote LFA
S
1
R2
Remote LFA (encap tunnel) The solution
1
1
1
R5
R4
§ Remote LFA: tunnel the packets to a router which can deliver the packets without going across the failed link
© 2014 Cisco and/or its affiliates. All rights reserved.
D
1
R3
BRKRST-3020
1
Cisco Public
31
Remote LFA No 100% Coverage § No tunnel to remote LFA is possible – A tunnel to R3 is not good enough (far enough), because the cost from R3 to router D is 6 counter clockwise vs 3 clockwise – Packets coming out of the tunnel on R3 would be sent back to R1 clockwise
§ A tunnel to R4 is good enough (far enough), because the cost from R4 to router D is 2 counter clockwise vs 7 clockwise – But the tunnel is not possible because the cost from R2 to R4 is 5 counter clockwise vs 4 clockwise – R2 would send tunneled packets back to router S clockwise
S
1
1
R2
D
1
1
R3
R5
4
1 R4
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
32
Remote LFA Finding the Tunnel Endpoint
P space of Router S
S
Q space of Router E
E
PQ
P-space of router S and the link SE
Q-space of the router E and the link SE
It is the set of routers that S can reach without passing through the link SE (including ECMP)
It is the set of routers that can reach the router E without passing through the link SE
A router common to both P and Q space is called a PQ router If S tunnels a packet to the PQ router, then the packet is guaranteed to reach E without passing through link SE BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
An algorithm is needed to pick a PQ router if multiple candidates exist
33
Remote LFA Extended P-Space
P space of Router S
S
Q space of Router E
E
N PQ
Extended P-space of router S and the link SE The set of links that all of neighbors of router S can reach without passing through the link SE
Extended P-space = P-space of each neighbor and the protected link Extended = more prefix coverage BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
34
Remote LFA Calculating the P-space topology
SPT after pruning protected link branch
SPT
A
A
SPF
A
pruning
B
C
B
C
B
D
E
D
E
D
§ § §
Compute SPF rooted in the protecting node Any node reachable through protected link branch does NOT belong to the P-space Prune branch going through protected link (including ECMP)
§
Routers B and D constitute the P space – –
P-space
A can reach B and D without going through AC B and D are candidate PQ/release nodes BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
35
Remote LFA Calculating the Q-space topology A
B
SPT after pruning protected link branch
rSPT rooted at C A
rSPF C
B
pruning C
C
Q-space D
E
D
D
E
E
§ § §
only one rSPF needed = cheap Compute Reverse SPF rooted on link far end router Any node reachable through protected link sub-branch is NOT a PQ candidate Prune branch going through protected link
§
Routers E and D constitute the Q space – –
E and D can reach C without going through AC E and D are candidate PQ/release node BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
36
Remote LFA Calculating the Set of PQ Candidates Q-space
P-space
topology
A
∩
B
D
D
§
A
C
B
C
E
D
E
PQ candidate is any member of both trees
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
PQ candidate
Cisco Public
37
Remote LFA Extended P-Space § Extended P-space – P-space of each neighbor and the protected link A
B
C
D
§ There is an increase of prefix coverage – For example in the square topology
§ Normally there is no PQ node in the square topology § With extended P-Space, D becomes a PQ node for neighbor C
BRKRST-3020
§ Extended P-Space calculation is not expensive – Directly Connected LFA makes sure the router already runs SPF in behalf of each neighbor – Directly Connected LFA is run before Remote LFA
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
38
Remote LFA Square with P-Space SPT
SPT after pruning protected link branch
A A
pruning
SPF C
topology A
C
B
D
D
SPT after pruning protected link branch
rSPT rooted at B C
P-space
B
B
D
B
SPF
BRKRST-3020
Q-space
pruning A
no intersection
D
C C © 2014 Cisco and/or its affiliates. All rights reserved.
D
Cisco Public
39
Remote LFA Square with Extended P-Space rSPT rooted at C
SPT after pruning protected link branch
C C
D
topology A
A D
B
B
SPT after pruning protected link branch
B
D
Q-space
pruning A
PQ is router D
B
SPF
BRKRST-3020
A
B
rSPT rooted at B C
Extended P-space
pruning
SPF
D
C C © 2014 Cisco and/or its affiliates. All rights reserved.
D
Cisco Public
40
Remote LFA Notes on Remote LFA § The Tunnel is an LSP – By LDP only – LDP should be enabled everywhere § If not, some prefixes/link might be unprotected § The sw will not take care of excluding those links
§ In theory, IP-in-IP, GRE, L2TP tunneling is possible – IP tunneling is not supported by us
§ From forwarding plane point of view, the LSP is indistinguishable from an unprotected TE tunnel § PQ node protection is link protecting only, not node protecting § PQ node calculations are only executed if there are unprotected paths for protectable prefixes § No Remote LFA for per-link BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
41
Remote LFA Remote LFA with MPLS Targetted LDP Session
A
PQ
Label Bindings (IGP prefixes)
A
A
B
C
B
C
B
C
D
E
D
E
D
E
§ A does not find Directly Connected LFA for link A-C
§ A initiates Targetted LDP session to router D
§ A runs Remote LFA computation and finds Remote LFA to D (D is chosen PQ node)
§ D advertises label bindings to router A § Router A installs prefix in CEF and LFIB as backup with label from targetted LDP session
Notes: Router D is not aware it will be used as PQ node Targetted LDP acceptance must be enabled on all routers BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
42
Remote LFA Remote LFA with MPLS: Packet Forwarding IP
IP
A
Targetted LDP Session
B
C
E
X
IP IP
L4
L1 D
E
IP
L3
§ Router D advertises Label L1 to router A for prefix X § Router A programs imposition of labels { L2 L1 } for prefix X as repair path with NH router B BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
43
Tie Breaking
Tie Breaking There Can Be Only One § Computation provides usually multiple LFAs § Need to select one LFA among multiple candidates for each prefix/path § How tie breaking works: • A set of consecutive rules, by preference • Each rule discards candidates e.g. rule of node protecting eliminates paths which do not node protect
• Scheme stops when one single path remains • If a rule excludes all paths (no path has the attribute), then the rule is skipped • Remaining candidates are distributed among prefixes sharing the protected primary path (load-sharing)
Remember that an LFA candidate is a neighbor that passes the LFA inequality BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
45
Tie Breaking Attributes § Attributes § Set of attributes are ON by default § Order of attributes: preference value
BRKRST-3020
SRLG
Prefer other Share Link Group
Primary Path
Prefer Primary over Secondary path
Interface Disjoin
Prefer other interface then protected interface
Node protecting
Prefer node over link protecting
Broadcast Interface Disjoin
Prefer Path not using the broadcast segment
Load Sharing
Distribute candidates among prefixes sharing the protected path
Downstream
Prefer the router closer to D than S
Secondary
Prefer scondary over primary
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
46
Tie Breaking Example R1#show ip ospf rib 10.100.1.13
Default Tie Breaking, IOS, OSPF
via 10.1.5.7, Ethernet0/0
primary path
Flags: RIB LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.3.4, Serial4/0, cost 31
1
Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, LC Dj, NodeProt, Downstr, LoadShare LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.6.8, Serial6/0, cost 36
2
Flags: Ignore, Repair, IntfDj, BcastDj, LC Dj
10 20 30 40 50 60 70 256
srlg primary-path interface-disjoint lowest-metric linecard-disjoint node-protecting broadcast-interface-disjoint load-sharing
LSA: 1/10.100.1.13/10.100.1.13
no path has SRLG, so this policy step is skipped
repair path via 10.1.4.5, Serial5/0, cost 31
3
Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath , LC Dj, NodeProt, Downstr, LoadShare LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.5.6, Ethernet0/0, cost 31
4
Flags: Ignore, Repair,
path 4 does not have “IntfDj” attribute
PrimPath, NodeProt, Downstr
paths 1 & 3 have the same cost
LSA: 1/10.100.1.13/10.100.1.13
paths 1 & 3 have the same set of attributes
repair path via 10.1.2.3, Serial3/0, cost 131
5
Flags: Ignore , Repair, IntfDj, BcastDj, LC Dj, NodeProt LSA: 1/10.100.1.13/10.100.1.13
BRKRST-3020
path 2 & 5 do not have “PrimPath” (not one of the ECMP paths)
© 2014 Cisco and/or its affiliates. All rights reserved.
it comes down to “loadshare” : one of the 2 paths is chosen Cisco Public
47
Configuration, Implementation and Troubleshooting (OSPF, ISIS, EIGRP) in IOS and IOS-XR
Implementation Notes § Differences apply in implementations – IOS does Per-Prefix LFA only – IOS-XR does Per-Link and Per-Prefix – OSPF versus ISIS – IPv6 is similar to IPv4
§ Restrictions – Interface types (check www.cisco.com)
§ Remote LFA is only calculated when Directly Connected LFA does not provide protection (if there are unprotected paths for protectable prefixes) – Less state – Less tunnels
§ PQ node protection is link protecting only, not node protecting BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
49
Implementation Notes § Per-prefix LFA performance is proportional to nr of neighbors and nr of prefixes § Memory increase – Distance tables – RIB needs to store backup paths – LDP storage increase
§ Calculation is done in background – Primary SPF always has priority
§ OSPF – Backup path for the prefix will always be calculated in the same area where primary path exists – Backup path will be of same route type (intra-area, inter-area, external, external-NSSA) and using same metric type as primary path – IOS-XR: only per-link or per-prefix per interface
§ ISIS – No FRR SPF results are stored
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
50
SRLG Assigning a Shared Risk Link Group (SRLG) to an Interface
IOS
IOS-XR
interface Ethernet0/0 srlg gid 100 ip address 10.1.5.1 255.255.255.0
srlg interface GigabitEthernet0/0/4/1 1 value 100
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
51
Show IP Route Repair-paths R1#show ip route repair-paths 10.100.1.13 Routing entry for 10.100.1.13/32 Known via "ospf 1", distance 110, metric 31, type intra area Last update from 10.1.3.4 on Serial4/0, 2d19h ago Routing Descriptor Blocks: * 10.1.5.7, from 10.100.1.13, 2d19h ago, via Ethernet0/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.2.3, via Serial3/0 10.1.4.5, from 10.100.1.13, 2d19h ago, via Serial5/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.6.8, via Serial6/0 [RPR]10.1.6.8, from 10.100.1.13, 2d19h ago, via Serial6/0 Route metric is 36, traffic share count is 1 [RPR]10.1.2.3, from 10.100.1.13, 2d19h ago, via Serial3/0 Route metric is 131, traffic share count is 1 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
52
IPFRR and LDP primary label R1#show ip route 10.100.1.13
R1#show ip cef 10.100.1.13
Routing entry for 10.100.1.13/32
10.100.1.13/32
Known via "ospf 1", distance 110, metric 31, type intra area Last update from 10.1.5.7 on Ethernet0/0, 5w4d ago Routing Descriptor Blocks:
no label: there is no remote label binding from next-hop
nexthop 10.1.4.5 Serial5/0 label [46|none] repair: attached-nexthop 10.1.6.8 Serial6/0 nexthop 10.1.5.7 Ethernet0/0 label [43|45]
* 10.1.5.7, from 10.100.1.13, 5w4d ago, via Ethernet0/0
repair: attached-nexthop 10.1.5.6 Ethernet0/0
Route metric is 31, traffic share count is 1 Repair Path: 10.1.5.6, via Ethernet0/0
45 is label of the repair path R1#show mpls ldp bind 10.100.1.13 32
10.1.4.5, from 10.100.1.13, 6w0d ago, via Serial5/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.6.8, via Serial6/0
remote LFA label
lib entry: 10.100.1.13/32, rev 66 local binding:
label: 41
remote binding: lsr: 10.100.1.2:0, label: 45 remote binding: lsr: 10.100.1.4:0, label: 44
label of primary path
label of repair path
remote binding: lsr: 10.100.1.6:0, label: 45
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
53
Remote LFA Implementation Notes § The remote LFA tunnel is an interface – Name is MPLS-Remote-LFA
– is always incremented to facilitate debugging
§ The remote LFA interface is unnumbered to the underlying physical interface § The remote LFA interface is always up – Adjacency changes from drop to non-drop depending in the availability of the transport label to the tunnel tailend – There are always IPv4 and Tag adjacency for the tunnel R1#show ip interface brief Interface
IP-Address
OK? Method Status
Protocol
Ethernet0/0
10.1.5.1
YES NVRAM
up
up
Serial2/0
10.1.1.1
YES NVRAM
up
up
Loopback0
10.100.1.1
YES NVRAM
up
up
MPLS-Remote-Lfa51
10.1.6.1
YES unset
up
up
MPLS-Remote-Lfa52
10.1.5.1
YES unset
up
up
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
54
Remote LFA Implementation Notes Configuration: LDP § LDP must be enabled on the interfaces used by the repair LSP § Directly connected LFA must already be enabled § There are specefic commands to enable remote LFA § FRR-manager on the calculating node will initiate the targetted session to the chosen PQ node – only when needed, i.e. there will not be targetted LDP sessions to all nodes by default
§ No remote LFA-specific LDP configuration on PQ node – The PQ node must be configured to accept targeted LDP session from the protecting node mpls ldp discovery targeted-hello accept [from ] BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
55
OSPF - IOS
Configuration, Implementation and Troubleshooting OSPF - IOS § Only per-prefix LFA § 2 new debug commands R1#debug ip ospf fast-reroute ? rib
OSPF FastReroute Routing Information Base (RIB)
spf
OSPF LFA FastReroute SPF
R1#debug ip ospf fast-reroute rib ? <1-199>
Access list
<1300-2699>
Access list (expanded range)
R1#debug ip ospf fast-reroute spf ? detail
Print more debugging detail BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
57
OSPF - IOS What is Stored Extra? § SPFs are run for each neighbor with that neighbor as root! § Full SPFs with N as root are not stored on S
E
§ Some info needs to be stored in new tables to be used by partial SPF in between full SPFs – Distance to neighbor § Stored in Per-Neighbor Router Distance Table § Not the distance to all routers in that area needs to be stored
E is the primary next hop router
S
D
N
N is the protecting next hop router
D(N,D) < D(N,E) + D(E,D)
D(N,D) equals D(S,D)viaN - D(S,N)
D(N,E) + D(E,D) equals D (N,E) + D(S,D) - D(S,E)
D(S,D)viaN - D(S,N) < D (N,E) + D(S,D) - D(S,E)
§ Distance from N to D is not needed and hence D(N,D) is not stored § Distance from E to D is not needed and hence not stored § Distance from neighboring routers to the destination is not stored § Distance from N to E is stored BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
58
OSPF - IOS What is Stored Extra? E
What?
Where?
D(S,D) for the prefixes at D
in LRIB as primary path
D(S,D)viaN for the prefixes at D
in LRIB as repair path
D(S,N)
internally (there is no show command to display this)
D(S,E)
internally (there is no show command to display this)
D(N,E)
in Per-Neighbor Router Distance Table (needed by partial SPF)
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
S
D
N
Cisco Public
E is the primary next hop router
N is the protecting next hop router
59
OSPF - IOS New Storing Elements: Per-Neighbor Tables What
Where?
Description
Why?
Distance from neighboring router to neighboring router
Per-Neighbor Router Distance Table
Distance to ABRs/ASBRs
Per-Neighbor Router Distance Table
ABR/ASBR info is built from intra-area and inter-area reachability info and Type 4 LSAs
Needed by partial SPF
Distance to Network LSA
Per-Neighbor Network Distance Table
S needs to know if N has a broadcast interface back to S and check inequality 4
Info needed during partial SPF
• Inequality 4: D(N,D) < D(N,PN) + D(PN,D) • D(N,PN) is stored
External LSA forwarding address
BRKRST-3020
Per-Neighbor External LSA Forwarding Address Distance Table
© 2014 Cisco and/or its affiliates. All rights reserved.
Needed by partial SPF when calculating repair path (reachability) for LSA type 5/7 Cisco Public
60
OSPF - IOS New Storing Elements: Per-Neighbor Tables - Example R1# show ip os neighbor fast-reroute
| begin ID 10.100.1.2
neighbor N of S (root of SPF)
Neighbor with Router ID 10.100.1.2: Reachable over:
D(S,N)
Serial2/0, IP address 10.1.1.2, cost 10
Router distance table: i
[10]
10.100.1.2
i
[0]
10.100.1.3
i
[10]
10.100.1.9
i
[25]
10.100.1.10
i
[30]
10.100.1.13
i
[40]
neighbors E of S with D(N,E) ABRs/ASBRs with D(N,ABR/ASBR)
Network LSA distance table: i
[20]
External LSA forwarding address distance table: 10.200.1.2
i
equivalent info as “show …” command on router with ID 10.100.1.2 R2#show ip ospf border-routers
10.100.1.1
10.1.5.7
S is router R1 N is router R2
[50] via 10.200.1.0/24
i intra-area route I inter-area route BRKRST-3020
D(N,PN) cost from N to DR
i 10.100.1.9 [25] via 10.1.1.1, Serial2/0, ASBR, Area 0, SPF 25 i 10.100.1.10 [30] via 10.1.7.3, Serial3/0, ABR, Area 0, SPF 25 i 10.100.1.13 [40] via 10.1.1.1, Serial2/0, ABR/ASBR, Area 0, SPF 25
R2#show ip ospf database network LS Type: Network Links Link State ID: 10.1.5.7 (address of Designated Router) Advertising Router: 10.100.1.7 Length: 36 Network Mask: /24 Attached Router: 10.100.1.7
R2# show ip route 10.200.1.2 Routing entry for 10.200.1.0/24 Known via "ospf 1", distance 110, metric 50, type intra area Last update from 10.1.1.1 on Serial2/0, 2d23h ago Routing Descriptor Blocks: * 10.1.1.1, from 10.100.1.13, 2d23h ago, via Serial2/0 Route metric is 50, traffic share count is 1
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
61
OSPF - IOS Primary and Repair Path in LRIB (Local RIB) R1#show ip ospf rib 10.100.1.13 OSPF local RIB Codes: * - Best, > - Installed in global RIB *>
LSA: type/LSID/originator
10.100.1.13/32, Intra, cost 31, area 0 SPF Instance 44, age 01:05:21 Flags: RIB, HiPrio
primary path
via 10.1.5.7, Ethernet0/0 Flags: RIB LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.5.6, Ethernet0/0, cost 32 Flags: RIB, Repair, NodeProt, Downstr LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.6.8, Serial6/0, cost 36
cost = D(S,D)viaN = D(S,N) + D(N,D) for one prefix
Flags: Ignore, Repair, IntfDj, BcastDj, LC Dj
tie breaker attributes if SRLG is present = means equal SRLG value!
LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.4.5, Serial5/0, cost 31 Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath, LC Dj, NodeProt, Downstr LSA: 1/10.100.1.13/10.100.1.13 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
62
Configuration IOS - OSPF OSPF router config mode [no] fast-reroute per-prefix enable [area ] prefixpriority {high | low}
External routes do not belong to any area
N O T E S
BRKRST-3020
To protect externals you MUST have enabled the command without the area keyword Enabling ‘low’ priority means that both high and low priority prefixes are eligible for protection © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
63
Configuration IOS - OSPF OSPF router config mode [no] prefix-priority high route-map
High priority get programmed before low priority in RIB
N O T E S
Routes permitted by the route-map are assigned High priority, the rest is Low priority By default if not configured prefixes with /32 mask are High priority, the rest is Low priority
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Route-map match statements: match tag match route-type match ip address
Other ‘match’ and all ‘set’ statements
are ignored Cisco Public
64
Configuration IOS - OSPF OSPF router config mode [no] fast-reroute keep-all-paths
N O T E S
OSPF to keep in the LRIB all candidate repair paths which were found during LFA FRR SPF For troubleshooting only Especially when looking at or changing the tie-breakers
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
N O T E S
By default: only best repair path in RIB Conserves memory
Cisco Public
65
Configuration IOS - OSPF Interface config mode [no] ip ospf fast-reroute per-prefix protection [disable]
N O T E S
BRKRST-3020
Primary routes pointing to this interface will not be protected
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
66
Configuration IOS - OSPF Interface config mode [no] ip ospf fast-reroute per-prefix candidate [disable]
The interface will not be used for repair paths
N O T E S
LFA SPF optimization: If interface cannot be used for repair paths then it is not needed to run SPF with neighbors over this interface as root. For example: link from a router to stub site Reduced number of SPF: brings total LFA FRR SPF time down
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
67
Configuration IOS - OSPF OSPF router config mode [no] fast-reroute per-prefix tie-break [required] index
N O T E S
Supported attributes: interface-disjoint broadcast-interface-disjoint srlg downstream node-protecting linecard-disjoint primary-path secondary-path lowest-metric
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Keyword ‘required’ is supported for all attributes except ‘lowestmetric’ If required attribute is missing, skip the path
Cisco Public
68
For Your Reference
Default Tie Breaking OSPF - IOS Tie-Breaker option
Description
Default values IOS OSPF
Comment
srlg (SRLG)
Prefer LFA not sharing the same Share Link Group
10
Shared risk of links
primary-path (PrimPath)
Prefer primary over secondary path
20
Backup is member of ECMP set
interface-disjoint (IntfDj)
Prefer path over other interface than protected one
30
lowest-metric (CostWon)
Prefer lower metric
40
The metric of the backup node to D might be higher than metric of S to D
linecard-disjoint (LC Dj)
Prefer path using different linecard
50
Different linecard means also different interface, hence this is link protecting
node-protecting (NodeProt)
Prefer node protecting over link protecting
60
broadcast-interface-disjoint (BcastDj)
Prefer path not using broadcast segment
70
load-sharing (LoadShare)
Distribute remaining candidates among prefixes sharing the protected path
255
downstream (Downstr)
Prefer node closer to D than S
secondary-pathBRKRST-3020
Prefer secondary over primary path © 2014 Cisco and/or its affiliates. All rights reserved.
Not configurable. This is the catch-at-the-end policy
-
Disabled by default
Cisco Public-
Disabled by default
69
Default Tie Breaking OSPF - IOS router ospf 1
not enabled specifically for one area, so IPFRR includes the AS external prefixes
fast-reroute per-prefix enable prefix-priority low fast-reroute keep-all-paths
enabled for troubleshooting purposes
R1#show ip ospf fast-reroute Loop-free Fast Reroute protected prefixes: Area
Topology name
Priority
Remote LFA Enabled
0
Base
Low
No
AS external
Base
Low
Repair path selection policy tiebreaks (built-in default policy): 10
srlg
20
primary-path
30
interface-disjoint
40
lowest-metric
50
linecard-disjoint
60
node-protecting
70
broadcast-interface-disjoint
256
AS external: this only shows if IPFRR is not enabled for only area(s) priority low indicates that low and high priority prefixes are protected
“downstream” is not present by default configuring tie-breakers removes the defaults!
load-sharing
Last SPF calculation started 5d13h ago and was running for 11 ms. BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
70
IPFRR Statistics for OSPF R1#show ip ospf fast-reroute prefix-summary Area 0: Interface
Protected
Primary paths
Protected paths Percent protected
All
High
Low
All
High
Low
All High
Low
Se6/0
Yes
5
2
3
2
2
0
40% 100%
0%
Se5/0
Yes
8
5
3
2
2
0
25%
40%
0%
Se4/0
Yes
10
6
4
4
4
0
40%
66%
0%
Se3/0
Yes
0
0
0
0
0
0
0%
0%
0%
Se2/0
Yes
3
2
1
2
2
0
66% 100%
0%
Et0/0
Yes
11
6
5
3
3
0
27%
50%
0%
Area total:
37
21
16
13
13
0
35%
61%
0%
Process total:
37
21
16
13
13
0
35%
61%
0
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Coverage in percentage Per area Per interface High - low
Cisco Public
71
Troubleshooting – Remote LFA R1#show ip interface brief Interface
IP-Address
OK? Method Status
Protocol
Ethernet0/0
10.1.5.1
YES manual up
up
Loopback0
10.100.1.1
YES manual up
up
MPLS-Remote-Lfa4
10.1.5.1
YES unset
up
up
MPLS-Remote-Lfa5
10.1.4.1
YES unset
up
up
MPLS-Remote-Lfa6
10.1.4.1
YES unset
up
up
R1#show ip ospf fast-reroute Loop-free Fast Reroute protected prefixes: Area
Topology name
Priority
Remote LFA Enabled
0
Base
High
Yes
Repair path selection policy tiebreaks: 10
secondary-path
20
node-protecting
256
priority low would indicate that high and low priority prefixes are protected
load-sharing
Last SPF calculation started 00:07:40 ago and was running for 37 ms. BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
72
Troubleshooting – Remote LFA R1#show ip ospf fast-reroute remote-lfa tunnels
Interface MPLS-Remote-Lfa4 Tunnel type: MPLS-LDP Tailend router ID: 10.100.1.11 Termination IP address: 10.100.1.11 Outgoing interface: Ethernet0/0 First hop gateway: 10.1.5.6
there can be multiple next hops here as one remote LFA/tunnel can protect multiple next hops/interfaces
Tunnel metric: 21 Protects: 10.1.4.5 Serial5/0, total metric 31
Interface MPLS-Remote-Lfa5
2 remote LFAs to the same PQ node: there are 2 distinct paths to reach the PQ node; different neighbors are protected One tunnel cannot protect both next hops, as the tunnel protecting one next hop uses the other protected next hop as outgoing interface
Tunnel type: MPLS-LDP Tailend router ID: 10.100.1.11 Termination IP address: 10.100.1.11 Outgoing interface: Serial5/0 First hop gateway: 10.1.4.5 Tunnel metric: 20 Protects: 10.1.5.6 Ethernet0/0, total metric 30
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
73
Troubleshooting – Remote LFA R1#sh ip ro 10.100.1.5 Routing entry for 10.100.1.5/32 Known via "ospf 1", distance 110, metric 11, type intra area Last update from 10.1.4.5 on Serial5/0, 01:38:12 ago Routing Descriptor Blocks: * 10.1.4.5, from 10.100.1.5, 01:38:12 ago, via Serial5/0 Route metric is 11, traffic share count is 1 Repair Path: 10.100.1.11, via MPLS-Remote-Lfa4
R1#show ip ospf rib 10.100.1.5 *>
10.100.1.5/32, Intra, cost 11, area 0 SPF Instance 81, age 1d17h Flags: RIB, HiPrio via 10.1.4.5, Serial5/0 Flags: RIB LSA: 1/10.100.1.5/10.100.1.5 repair path via 10.100.1.11, MPLS-Remote-Lfa4, cost 31 Flags: RIB, Repair, IntfDj, BcastDj, LC Dj, LoadShare LSA: 1/10.100.1.5/10.100.1.5
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
MPLS-Remote-LFA4 was choosen because MPLS-Remote-LFA5 goes over Serial5/0, the protected link
Cisco Public
74
Troubleshooting – Remote LFA R1#show ip interface brief Interface IP-Address
OK? Method Status
Protocol
MPLS-Remote-Lfa4 MPLS-Remote-Lfa5
YES unset YES unset
up up
10.1.5.1 10.1.4.1
up up
R1#sh mpls ldp ne 10.100.1.11 Peer LDP Ident: 10.100.1.11:0; Local LDP Ident 10.100.1.1:0 TCP connection: 10.100.1.11.43185 - 10.100.1.1.646 State: Oper; Msgs sent/rcvd: 72/72; Downstream Up time: 00:28:54 LDP discovery sources: targetted Targeted Hello 10.100.1.1 -> 10.100.1.11, active Addresses bound to peer LDP Ident: 10.1.13.11 10.1.18.11 10.1.14.11 10.100.1.11 R1#sh mpls ldp discovery Discovery Sources: Interfaces: Ethernet0/0 (ldp): xmit/recv LDP Id: 10.100.1.6:0 Serial6/0 (ldp): xmit Targeted Hellos: 10.100.1.1 -> 10.100.1.11 (ldp): active, xmit/recv LDP Id: 10.100.1.11:0 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
LDP session
The Targetted LDP Session could be set up either by configuration or the FRR Manager
targetted LDP session Cisco Public
75
For Your Reference
Troubleshooting – Remote LFA primary label
remote LFA label
R1#show ip cef 10.100.1.5 detail 10.100.1.5/32, epoch 0 local label info: global/33 nexthop 10.1.4.5 Serial5/0 label [implicit-null|37] repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4 nexthop 10.100.1.11 MPLS-Remote-Lfa4, repair
NH is remote LDP router-ID R1#show mpls ldp bindings 10.100.1.5 32 lib entry: 10.100.1.5/32, rev 50 local binding: label: 33 remote remote remote remote
binding: binding: binding: binding:
lsr: lsr: lsr: lsr:
10.100.1.2:0, label: 37 10.100.1.4:0, label: 36 10.100.1.5:0, label: imp-null 10.100.1.11:0, label: 37
Broken example R1#show ip cef 10.100.1.5 10.100.1.5/32 nexthop 10.1.4.5 Serial5/0 label [implicit-null|none]
remote LFA label received from the PQ node over the targetted session no remote LFA label: there is something wrong, like no targetted LDP session to PQ node
repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
76
Troubleshooting LFA R1#show ip ospf fast-reroute prefix-summary Area 0: Interface
Protected
coverage is not 100% (for the high priority prefixes)
Primary paths
Protected paths Percent protected
All
High
Low
All
High
Low
All High
Low
Se6/0
Yes
11
5
6
1
1
0
9%
20%
0%
Se5/0
Yes
9
6
3
3
3
0
33%
50%
0%
Se4/0 Se3/0
Yes Yes
7 0
4 0
3 0
4 0
4 0
0 0
57% 100% 0% 0%
0% 0%
Se2/0
Yes
1
1
0
0
0
0
0%
0%
Et0/0
Yes
9
6
3
3
3
0
33%
Area total:
37
22
15
11
11
0
Process total:
37
22
15
11
11
0
# paths: counted as prefixes with unique path so a prefix with 2 next hops in the RIB is counted as 2 paths BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
36% 44%
80% 66%
0% 0%
57% 100%
0%
0%
0%
0%
0%
0%
0%
0%
50%
0%
44%
66%
0%
29%
50%
0%
43%
72%
0%
29%
50%
0%
43%
72%
0%
difference : Remote LFA enabled
Cisco Public
77
Coverage is not 100% § It is not guaranteed to be 100% § Perhaps LFA is enabled for one OSPF area only – This excludes the other area’s – This excludes all external prefixes
§ Perhaps LFA is only enabled for the high priority prefixes § Remote LFA – Some destinations can be behind routers without LDP enabled – Targetted LDP session can be down – Perhaps “mpls ldp discovery targeted-hello accept [from ]“ was forgotten
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
78
For Your Reference
Debug IP OSPF Fast-Reroute SPF Detail A major change in the network causes OSPF to run a full SPF and FRSPF OSPF-1 INTRA: Running SPF for area 0, SPF-type Full
Normal full SPF Adding router LSAs and building SPT Adding summaries, externals, etc.
OSPF-1 FRSPF: Scheduling IPFRR SPF, change 'X', area dummy area, instance 440 ... OSPF-1 FRSPF: Create list of candidate neighbors for intra SPF in area 0 OSPF-1 FRSPF: Adding neighbor 10.100.1.8 via Serial6/0 to SPF work queue OSPF-1 FRSPF: Adding neighbor 10.100.1.7 via Ethernet0/0 to SPF work queue ...
Start of FRSPF The neighbors of the calculating router for which rSPf will be run
OSPF-1 FRSPF: Intra-area calcualtion for neighbor 10.100.1.7 in area 0
rSPF for one neighbor
OSPF-1 FRSPF: Add router 10.100.1.7 to P-space via neighbor 10.100.1.7 OSPF-1 FRSPF: Adding first hop via 10.1.5.7 Ethernet0/0 ...
RmtLFA is enabled: extended P-space is built as well P legs are stored in the remote LFA tree
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
79
For Your Reference
Debug IP OSPF Fast-Reroute SPF Detail OSPF-1 FRSPF: Starting RmtLFA scan
Start RmtLFA scan
OSPF-1 FRSPF: Need RmtLFA tunnel for primary gateway 10.1.1.2 Serial2/0 in area 0 due to unprotected 10.1.7.0/24 ...
Neighbors for which there is at least one unprotected prefix: remote LFA will be checked (but not necessarily found) for these neighbors
OSPF-1 FRSPF: RmtLFA starting rSPF in area 0
Start rSPF for RmtLFA
OSPF-1 FRSPF: Intra-area reverse SPF calcualtion for neighbor 10.100.1.6 in area 0
Run rSPF for each of the next-hops, with the next-hop as root
OSPF-1 OSPF-1 20/30, OSPF-1
FRSPF: Found router 10.100.1.11 in Q-space of gateway 10.1.5.6 Eth0/0 FRSPF: protecting via 10.1.4.5 Serial5/0 with tunnel/total cost flags (Repair, IntfDj, BcastDj, SRLG, LC Dj) FRSPF: currently best known tunnel
Found Q leg Trying to match P legs and Q legs, resulting in PQ nodes
OSPF-1 FRSPF: Place tunnels in area 0
Tunnels are placed to PQ nodes
%LDP-5-NBRCHG: LDP Neighbor 10.100.1.13:0 (3) is UP
One or more Targetted LDP neighbors come up
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
80
ISIS - IOS
Configuration IOS - ISIS ISIS router config mode fast-reroute per-prefix {[all] | [route-map map-tag]}
N O T E S
BRKRST-3020
Supported route-map match commands match ip address match tag match interface match ip nexthop
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
82
Configuration IOS - ISIS Interface config mode isis fast-reroute protection disable
N O T E S
enables or disables the interface for protection
BRKRST-3020
isis fast-reroute candidate disable
N O T E S
© 2014 Cisco and/or its affiliates. All rights reserved.
disables using the interface for repair path
Cisco Public
83
Configuration IOS - ISIS Interface config mode isis fast-reroute exclude interface
N O T E S
BRKRST-3020
prevent an interface B from being selected as LFA for any destination whose primary next hop is via interface A (interface on which the command is configured)
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
84
Troubleshooting ISIS-IOS router#show isis fast-reroute summary Load for five secs: 2%/0%; one minute: 1%; five minutes: 1% Time source is hardware calendar, *09:38:52.670 UTC Mon Nov 25 2013 Tag one: IPv4 Fast-Reroute Protection Summary: Prefix Counts:
Total
Protected
Coverage
High priority:
0
0
0%
Normal priority:
16
12
75%
Total:
16
12
75%
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
85
Default Tie Breaking ISIS- IOS “show run all” shows all default commands
show run all | in tie-break fast-reroute tie-break level-1 linecard-disjoint 40 fast-reroute tie-break level-1 lowest-backup-path-metric 30 fast-reroute tie-break level-1 node-protecting 50 fast-reroute tie-break level-1 srlg-disjoint 10 fast-reroute tie-break level-1 primary-path 20 fast-reroute
BRKRST-3020
load-sharing level-1 disable
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
86
For Your Reference
Default Tie Breaking ISIS - IOS Tie-Breaker option
Description
Default values IOS ISIS
Comment
Srlg (SRLG)
Prefer LFA not sharing the same Share Link Group
10
Shared risk of links
primary-path (PrimPath)
Prefer primary over secondary path
20
Backup is member of ECMP set
lowest-backup-path-metric
Prefer lower metric
30
The metric of the backup node to D might be higher than metric of S to D
linecard-disjoint (LC Dj)
Prefer path using different linecard
40
Different linecard means also different interface, hence this is link protecting
node-protecting (NodeProt)
Prefer node protecting over link protecting
50
load-sharing (LoadShare)
Distribute remaining candidates among prefixes sharing the protected path
255
Downstream (Downstr)
Prefer node closer to D than S
-
Disabled by default
secondary-path
Prefer secondary over primary path
-
Disabled by default
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Not configurable. This is the catch-at-the-end policy
87
Troubleshooting ISIS-IOS router#show isis rib 10.1.100.7 255.255.255.255 IPv4 local RIB for IS-IS process one IPV4 unicast topology base (TID 0, TOPOID 0x0) ================= Repair path attributes: DS - Downstream, LC - Linecard-Disjoint, NP - Node-Protecting PP - Primary-Path, SR - SRLG-Disjoint
10.1.100.7/32 [115/L1/20] via 10.1.5.7(GigabitEthernet1/4), from 10.1.100.7, tag 0, LSP[6/17] (installed) repair path: 10.1.6.7(GigabitEthernet1/5) metric:20 (PP,DS,SR) LSP[6]
repair path attributes
[115/L1/20] via 10.1.6.7(GigabitEthernet1/5), from 10.1.100.7, tag 0, LSP[6/17] (installed) repair path: 10.1.5.7(GigabitEthernet1/4) metric:20 (PP,DS,SR) LSP[6]
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
88
Troubleshooting ISIS-IOS router#show isis fast-reroute interfaces Load for five secs: 0%/0%; one minute: 0%; five minutes: 0% Time source is hardware calendar, *10:00:36.834 UTC Mon Nov 25 2013
Tag one - Fast-Reroute Platform Support Information: GigabitEthernet1/9: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/5: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/4: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/10: Protectable: Yes. Usable for repair: Yes
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
This CLI shows whether or not an interface is supported by the platform. An interface may still not be protected or usable for repair due to configuration setting
Cisco Public
89
Troubleshooting ISIS-IOS debug isis fast-reroute path-selection show isis fast-reroute remote-lfa tunnels
router#debug isis fast-reroute path-selection ? <1-199>
Access list of prefixes
<1300-2699>
Access list (expanded range)
level-1
Apply to Level 1
level-2
Apply to Level 2
terse
Minimal fast-reroute path selection debug
Limit output by using ACL when debugging fSPF runs 500 ms after SPF per-level
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
90
Troubleshooting ISIS-IOS router# 10:13:04.914: ISIS-SPF (one): L1 LSP 6 (0000.0000.0007.00-00) flagged for recalculation from 96EB874 10:13:06.914: ISIS-SPF (one): LSP 6 (0000.0000.0007.00-00) Type STD 10:13:06.914: ISIS-SPF (one): spf_result: next_hop_parents:0x14157A48 root_distance:10, parent_count:1, parent_index:1 db_on_paths:1 10:13:06.914: ISIS-SPF (one): Calculating routes for L1 LSP 6 (0000.0000.0007.00-00) 10:13:06.914: ISIS-SPF (one): lsptype:0, current_lsp(0000.0000.0007.00-00)(6) calling isis_walk_lsp
current_lsp:0x20CD10B8, lsp_fragment:0x20CD10B8
10:13:06.914: ISIS-SPF (one): Aging L1 LSP 6 (0000.0000.0007.00-00), version 20 10:13:06.914: ISIS-fSPF (one): SPF/PRC done.
Start frr timer. Level 1
10:13:07.114: ISIS-SPF (one): L1 LSP 1 (0000.0000.0003.00-00) flagged for recalculation from 96EB874
500 ms
10:13:07.414: ISIS-fSPF (one): FRR timer for level 1, mtid 0 expired
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
91
Troubleshooting ISIS-IOS router#show ip route repair-paths 10.1.100.2 Routing entry for 10.1.100.2/32 Known via "isis", distance 115, metric 20, type level-1 Redistributing via isis one Last update from 10.1.12.2 on GigabitEthernet1/9, 00:01:10 ago Routing Descriptor Blocks: * 10.1.12.2, from 10.1.100.2, 00:01:10 ago, via GigabitEthernet1/9 Route metric is 20, traffic share count is 1 Repair Path: 10.1.100.6, via MPLS-Remote-Lfa1 [RPR]10.1.100.6, from 10.1.100.2, 00:01:10 ago, via MPLS-Remote-Lfa1 Route metric is 40, traffic share count is 1
PQ router router#show isis fast-reroute remote-lfa tunnels Tag one - Fast-Reroute Remote-LFA Tunnels: MPLS-Remote-Lfa1: use Gi1/4, nexthop 10.1.5.7, end point 10.1.100.6
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
92
OSPF – IOS-XR
OSPF – IOS-XR What is Stored Extra? § Per-link LFA: nothing § Per-prefix LFA – Per neighbor distance table •
Distance from neighbor to all other routers in the area
•
Distance to ASBRs (pocessing Type-4 LSAs)
§ IPFRR SPFs run 500 ms after regular SPF BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
94
Show Route RP/0/RP1/CPU0:MeltDown#show route Tue Nov 12 18:22:22.174 CET Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G
- DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path Gateway of last resort is 10.48.32.1 to network 0.0.0.0 O E2 1.1.1.1/32 [110/0] via 10.1.2.7, 00:08:34, GigabitEthernet0/0/4/0 (!) [110/20] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 O
10.1.8.0/24 [110/2] via 10.1.7.4, 00:31:10, GigabitEthernet0/0/4/2
O
10.1.9.0/24 [110/3] via 10.1.7.4, 00:08:34, GigabitEthernet0/0/4/2 [110/0] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 (!)
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
95
Configuration IOS-XR - OSPF OSPF interface config mode [no] fast-reroute {per-link|per-prefix} [no] fast-reroute per-prefix exclude interface {interface-name} [no] fast-reroute per-prefix lfa-candidate interface {interface-name} used for allowing TE tunnel (explicit-path) other interface types are by default on the lfa-candidate list
[no] fast-reroute per-prefix use-candidate-only
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
96
Configuration IOS-XR - OSPF OSPF router config mode [no] fast-reroute per-prefix load-sharing disable [no] fast-reroute per-prefix priority-limit [critical|high|medium] same or higher priority only will be calculated
[no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index [no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp [no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> [no] fast-reroute {per-prefix|per-link} use-candidate-only BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
97
Configuration IOS-XR - OSPF OSPF interface config mode [no] fast-reroute per-link lfa-candidate interface {interface-name} [no] fast-reroute per-link use-candidate-only
OSPF router config mode [no] fast-reroute per-prefix priority-limit [critical|high|medium] [no] fast-reroute per-link priority-limit [critical|high|medium]
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
98
LFA -Candidates IOS-XR - OSPF router ospf ldg
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.2/32 backup-path detail
fast-reroute per-prefix fast-reroute per-prefix use-candidate-only enable
OSPF Route entry for 10.1.100.2/32
address-family ipv4 unicast
Route type:
area 0
Intra-area
Last updated: Jan
mpls traffic-eng
Area: 0.0.0.0,
interface Loopback0
SPF priority: 4,
network point-to-point
RIB version: 0,
!
6 13:05:44.837
Metric: 3 SPF version: 42 Source: Unknown
10.1.2.7, from 10.1.100.2, via GigabitEthernet0/0/4/0, path-id 1
interface tunnel-te3
Backup path:
cost 3
10.1.100.2, from 10.1.100.2, via tunnel-te3, protected bitmap 0x1
!
Attribues: Metric: 4, Downstream, Node Protect, SRLG Disjoint
interface GigabitEthernet0/0/4/0 network point-to-point fast-reroute per-prefix lfa-candidate interface tunnel-te3 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
99
For Your Reference
Default Tie Breaking OSPF – IOS-XR
0 = not considered Tie-Breaker option
Description
node-protecting
Default values IOS-XR OSPF 40
lc-disjoint
Prefer path using different linecard
30
lowest-backup-metric
Prefer lower metric
20
primary-path
Prefer primary over secondary path
10
Downstream
Prefer node closer to D than S
0
SRLG-disjoint
Prefer LFA not sharing the same Share Link Group
0
secondary-path
Prefer secondary over primary path
0
load-sharing (LoadShare)
Distribute remaining candidates among prefixes sharing theand/or protected © 2014 Cisco its affiliates. path All rights reserved.
BRKRST-3020
Comment
255 Cisco Public
Different linecard means also different interface, hence this is link protecting
Prefer primary over secondary path
Can be disabled 100
Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show ospf … IPFRR per-prefix tiebreakers: Name
Index
No Tunnel (Implicit) Node Protection
255 40
Line-card Disjoint
30
Lowest Metric
20
Primary Path
10
Downstream
0
Secondary Path
0
SRLG Disjoint
0
Default or configured tie breakers
… Area BACKBONE(0) Number of interfaces in this area is 4 SPF algorithm executed 24 times Number of LSA 12.
Checksum Sum 0x045507
… Flood list length 0 Number of LFA enabled interfaces 3, LFA revision 29 Number of Per Prefix LFA enabled interfaces 3 Number of neighbors forming in staggered mode 0, 2 full … BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
101
Per-link LFA RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.7/32 backup-path O
10.1.100.7/32, metric 2 area 0.0.0.0 10.1.2.7, from 10.1.100.7, via GigabitEthernet0/0/4/0, path-id 1 Backup path: 10.1.11.3, from 10.1.100.7, via GigabitEthernet0/0/4/3, protected bitmap 0x3 Attribues: Metric: 0,
RP/0/RP1/CPU0:MeltDown#show cef 10.1.100.7/32 10.1.100.7/32, version 315068, internal 0x4004001 (ptr 0x9da3fa88) [1], 0x0 (0x9d482838), 0x450 (0x9e31e1d0) Updated Nov 12 15:37:48.304 remote adjacency to GigabitEthernet0/0/4/0 Prefix Len 32, traffic index 0, precedence n/a, priority 3 via 10.1.2.7, GigabitEthernet0/0/4/0, 6 dependencies, weight 0, class 0, protected [flags 0x400] path-idx 0 bkup-idx 2 NHID 0x0 [0x9e18c554 0x9e18c880] next hop 10.1.2.7 local label 16005
labels imposed {ImplNull}
via 10.1.11.3, GigabitEthernet0/0/4/3, 6 dependencies, weight 0, class 0, backup [flags 0x300] path-idx 2 NHID 0x0 [0x9d772184 0x0] next hop 10.1.11.3 remote adjacency local label 16005 BRKRST-3020
labels imposed {30} © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
102
Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6/32 detail Routing entry for 10.1.100.6/32 Known via "ospf 1", distance 110, metric 3, type intra area Routing Descriptor Blocks 10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, Backup Route metric is 0 Label: None Tunnel ID: None Extended communities count: 0 Path id:33
Path ref count:1
NHID:0x0(Ref:0) 10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, Protected Route metric is 3 Label: None Tunnel ID: None Extended communities count: 0 Path id:1
Path ref count:0
NHID:0x0(Ref:0) Backup path id:33 Route version is 0xa6 (166) Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (6) SVD Type RIB_SVD_TYPE_LOCAL BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
103
Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 detail OSPF Route entry for 10.1.100.6/32 Route type:
Intra-area
Last updated: Nov 12 15:12:21.852 Area: 0.0.0.0, Metric: 3 SPF priority: 4, RIB version: 0,
SPF version: 40043 Source: Unknown
10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 backup-path Codes: O - Intra area, O IA - Inter area O E1 - External type 1, O E2 - External type 2 O N1 - NSSA external type 1, O N2 - NSSA external type 2 O
10.1.100.6/32, metric 3 area 0.0.0.0 10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, path-id 1 Backup path: 10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, protected bitmap 0x1 Attribues: Metric: 2, Downstream, Node Protect, SRLG Disjoint
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
104
Troubleshooting OSPF-IOS-XR
RP/0/RP1/CPU0:MeltDown#show ospf statistics fast-reroute ospf_show_stats_ipfrr OSPF 1 IPFRR Statistics: Number of paths:
16
Number of paths enabled for protection :
16 (100%)
Number of paths protected:
13 (81%)
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
105
Per Neighbor Distance Table RP/0/RP1/CPU0:MeltDown#show ospf 1 fast-reroute topology 10.1.100.7
Neighbor topology
OSPF Router with ID (10.1.100.1) (Process ID 1) IPFRR Topology for Node 10.1.100.7, Area 0 , LFA revision 42 Node-ID
Distance
Type
Revision
10.1.100.1
1
1
42
10.1.100.2
1
1
42
10.1.100.3
1
1
42
10.1.100.4
2
1
42
10.1.100.5
4
4
42
10.1.100.6
3
1
42
10.1.100.7
0
1
42
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
is not stored for per-link LFA
ASBR
Cisco Public
106
Remote Backup RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6 Routing entry for 10.1.100.6/32 Known via "isis one", distance 115, metric 20, type level-1 Installed Dec 3 08:29:26.036 for 04:29:19 Routing Descriptor Blocks 10.1.7.4, from 10.1.100.6, via GigabitEthernet0/0/4/2, Protected Route metric is 20 10.1.11.3, from 10.1.100.6, via GigabitEthernet0/0/4/3, Backup (remote) Remote LFA is 10.1.100.5 Route metric is 0 No advertising protos.
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
107
Remote Backup RP/0/RP1/CPU0:MeltDown# show mpls ldp forwarding fast-reroute Codes: - = GR label recovering, (!) = LFA FRR pure backup path {} = Label stack with multi-line output for a routing path G = GR, S = Stale, R = Remote LFA FRR backup Prefix
Label
Label(s)
Outgoing
In
Out
Interface
Next Hop
Flags G S R
---------------- ------- -------------- ------------ ------------------- ----10.1.100.2/32 10.1.100.6/32
16001 16004
16001
Gi0/0/4/1
10.1.1.7
27
Gi0/0/4/3
10.1.11.3
37
Gi0/0/4/2
10.1.7.4
{ 29
Gi0/0/4/3
10.1.11.3
16007 }
(!)
(!)
R
MPLS tunnel to 10.1.100.5
(10.1.100.5)
mpls ldp discovery targeted-hello accept BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
108
Debugging IPFRR in OSPF debug ospf trace detail ipfrr
very chatty! redirect output to file
show ospf trace all | in ipfrr
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
109
ISIS – IOS-XR
Configuration IOS-XR - ISIS ISIS interface config mode [no] fast-reroute {per-link|per-prefix} [no] fast-reroute per-prefix exclude interface {interface-name} [no] fast-reroute per-prefix lfa-candidate interface {interface-name} [no] fast-reroute per-prefix level {1-2}
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
used for allowing TE tunnel (explicitpath)
Cisco Public
111
Configuration IOS-XR - ISIS ISIS router config mode [no] fast-reroute per-prefix load-sharing disable [no] fast-reroute per-prefix priority-limit [critical|high|medium] same or higher priority only will be calculated
[no] fast-reroute per-prefix use-candidate-only [no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index [no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp [no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
112
Configuration IOS-XR - ISIS ISIS interface config mode [no] fast-reroute per-link lfa-candidate interface {interface-name} [no] fast-reroute per-link exclude {interface-name} [no] fast-reroute per-link level {1-2}
ISIS router config mode [no] fast-reroute per-link priority-limit [critical|high|medium] [no] fast-reroute per-link use-candidate-only BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
113
Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show route isis i L1 10.1.100.2/32 [115/30] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3 [115/0] via 10.1.2.7, 17:00:42, GigabitEthernet0/0/4/0 (!)
(!) - FRR Backup path
i L1 10.1.100.3/32 [115/10] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3 [115/0] via 10.1.2.7, 17:00:42, GigabitEthernet0/0/4/0 (!)
(!) - FRR Backup path
RP/0/RP1/CPU0:MeltDown# show route 10.1.100.3 Routing entry for 10.1.100.3/32 Known via "isis one", distance 115, metric 10, type level-1 Routing Descriptor Blocks 10.1.2.7, from 10.1.100.3, via GigabitEthernet0/0/4/0, Backup Route metric is 0 10.1.11.3, from 10.1.100.3, via GigabitEthernet0/0/4/3, Protected Route metric is 10 No advertising protos.
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
114
Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute detail 10.1.100.7/32 IS-IS one IPv4 Unicast FRR backups Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1) df - level 1 default (closest attached router), su - summary null C - connected, S - static, R - RIP, B - BGP, O - OSPF E - EIGRP, A - access/subscriber i - IS-IS (redistributed from another instance) D - Downstream, LC - Line card disjoint, NP - Node protecting P - Primary path, SRLG - SRLG disjoint, TM - Total metric via backup L1 10.1.100.7/32 [20/115] medium priority via 10.1.2.7, GigabitEthernet0/0/4/0, replanet No FRR backup via 10.1.1.7, GigabitEthernet0/0/4/1, replanet FRR backup via 10.1.2.7, GigabitEthernet0/0/4/0, replanet P: Yes, TM: 20, LC: No, NP: No, D: Yes, SRLG: No src replanet.00-00, 10.1.100.7 L2 adv [20] native, propagated BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
115
Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute 10.1.100.6/32 detail Tue Dec
3 08:32:32.245 CET
L1 10.1.100.6/32 [20/115] medium priority via 10.1.7.4, GigabitEthernet0/0/4/2, stalin Remote FRR backup via abigor [10.1.100.5], via 10.1.11.3, GigabitEthernet0/0/4/3 kechance P: No, TM: 30, LC: No, NP: No, D: No, SRLG: Yes src burke.00-00, 10.1.100.6
Remote FRR Backup path Targetted LDP session to this LDP router
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
116
Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute summary IS-IS one IPv4 Unicast FRR summary Critical
High
Medium
Low
Priority
Priority
Priority
Priority
Total
All paths protected
0
0
4
10
14
Some paths protected
0
0
0
0
0
Unprotected
0
0
2
2
4
Protection coverage
0.00%
0.00%
66.67%
83.33%
77.78%
Prefixes reachable in L1
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
117
Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#debug isis spf frr ? A.B.C.D/length
IPv4 Network to filter debug output on
X:X::X/length
IPv6 Network to filter debug output on
detail
Detail operation of the algorithm on each node
internal
Show internal IS-IS debug(cisco-support)
level
Filter IS-IS debug by level
lsp-id
Filter IS-IS debug by LSP ID
prefix-list
Filter IS-IS debug by prefix list
summary
Overview of route calculation events without detailing results
thread
Filter IS-IS debug by thread(cisco-support)
topology
Filter IS-IS debug by topology
tracepoint
Filter by Tracepoint ID(cisco-support)
verbose
Detail each prefix
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
118
For Your Reference
Default Tie Breaking ISIS – IOS-XR Tie-Breaker option
Description
Default values IOS-XR ISIS
Comment
primary-path (PrimPath)
Prefer primary over secondary path
10
Backup is member of ECMP set
lowest-backup-path-metric
Prefer lower metric
20
The metric of the backup node to D might be higher than metric of S to D
linecard-disjoint (LC Dj)
Prefer path using different linecard
30
Different linecard means also different interface, hence this is link protecting
node-protecting (NodeProt)
Prefer node protecting over link protecting
40
load-sharing (LoadShare)
Distribute remaining candidates among prefixes sharing the protected path
255
Srlg (SRLG)
Prefer LFA not sharing the same Share Link Group
-
Disabled by default
Downstream (Downstr)
Prefer node closer to D than S
-
Disabled by default
secondary-path
Prefer secondary over primary path
-
Disabled by default
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Not configurable. This is the catch-at-the-end policy
119
Configuration Microloop Avoidance Microloop avoidance turned on for rLFA protected prefixes by default!
Both OSPF & ISIS
OSPF router/ISIS router AF config mode
Both IOS & IOS-XR
[no] microloop avoidance [protected] Only for routes which have repair paths. It is recommended to have this keyword when microloop avoidance is enabled manually (i.e. when router does not have the Remote LFA enabled)
[no] microloop avoidance rib-update-delay Delay in milliseconds; default is 5 seconds
debug isis microloop-avoidance [ level-1 | level-2] BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
120
Deployment § A mix of routers with difference in speed, leads to slower/faster reaction to network events – Can lead to micro-loops
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
121
EIGRP § Only Per-Prefix LFA § EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the successor and feasible successors § Uses existing Feasible Successors for repair paths, so no additional computational load § New: repair route is ready § Automatically enabled on all interfaces covered by the protocol § Repair paths can be equal or unequal cost (though variance command) § Coverage is not necessarily 100% § Design the network to have Feasible Successors metric calculation (BW and delay only) ⎡ ⎤ 10 7 metric = ⎢ + ∑ delays ⎥ * 256 ⎣ min (bandwidth ) ⎦ BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
122
EIGRP kechance#show ip eigrp topology 10.1.100.1 255.255.255.255
EIGRP-IPv4 VR(one) Topology Entry for AS(1)/ID(10.1.100.3) for 10.1.100.1/32 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1376256, RIB is 10752 Descriptor Blocks: 10.1.11.1 (GigabitEthernet1/10), from 10.1.11.1, Send flag is 0x0 Composite metric is (1376256/131072), route is Internal
Feasibility Condition (loopfree) = Reported Distance (RD) by neighbor is lower than Feasible Distance (FD)
Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 11000000 picoseconds Reliability is 255/255 Load is 1/255
successor
Minimum MTU is 1500 Hop count is 1 Originating router is 10.1.100.1 10.1.5.7 (GigabitEthernet1/4), from 10.1.5.7, Send flag is 0x0 Composite metric is (1376583/131399), route is Internal Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 11005000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1000
feasible successor
Hop count is 2
+ repair path
Originating router is 10.1.100.1
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
123
Configuration IOS - EIGRP EIGRP router config mode [no] fast-reroute load-sharing disable [no] fast-reroute per-prefix {all|route-map} [no] fast-reroute per-prefix tiebreak {lowest-backup-path-metric|interfacedisjoint|linecard-disjoint |srlg-disjoint} router eigrp one ! address-family ipv4 unicast autonomous-system 1 ! topology base fast-reroute per-prefix all exit-af-topology network 10.0.0.0 BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
124
Troubleshooting IOS - EIGRP debug eigrp frr show ip eigrp topology frr router#show ip eigrp topology frr EIGRP-IPv4 VR(one) Topology Table for AS(1)/ID(10.1.100.3) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 10.1.100.1/32, 1 successors, FD is 1376256 via 10.1.11.1 (1376256/131072), GigabitEthernet1/10 via 10.1.5.7 (1376583/131399), GigabitEthernet1/4, [LFA]
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
125
For Your Reference
Default Tie Breaking EIGRP– IOS
Tie-Breaker option
Description
Default values IOS OSPF
Comment Shared risk of links
srlg (SRLG)
Prefer LFA not sharing the same Share Link Group
10
interface-disjoint (IntfDj)
Prefer path over other interface than protected one
20
lowest-backup-path-metric
Prefer lower metric
30
The metric of the backup node to D might be higher than metric of S to D
linecard-disjoint (LC Dj)
Prefer path using different linecard
40
Different linecard means also different interface, hence this is link protecting
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
126
Troubleshooting Roundup § LFA coverage is not always 100% – Perhaps LFA is only enabled for one OSPF area only
§ LFA is by default only for the high priority prefixes § Remote LFA coverage is not always 100% – – – –
Some destinations can be behind routers without LDP enabled Targetted LDP session can be down Perhaps “mpls ldp discovery targeted-hello accept [from ]“ was forgotten Perhaps LFA is not enabled for external prefixes
§ Check coverage with fast-reroute summary commands § Enable “fast-reroute keep-all-paths” in IOS in order to easily compare the path attributes § Use show commands (IOS or IOS-XR equivalent commands) – – – – –
show ip route show ip route repair show ip ospf rib Show ip cef check CEF table for backup path and MPLS labels
§ Use debug commands BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
127
Conclusion
Conclusion § It’s simple – Simple CLI, simple functionality
§ It’s fast § It’s rich – Link, node, SRLG protection
§ Deployment friendly – No protocol change, local to one router, incremental deployment
§ Good scaling § Remote LFA to the rescue for difficult topologies – For example: ring topologies
§ Topology dependant – Might not be providing 100% coverage BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
129
Call to Action… Visit the World of Solutions:§ Cisco Campus § Walk-in Labs § Technical Solutions Clinics § Meet the Engineer
§ Lunch Time Table Topics, held in the main Catering Hall § Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014 Presentation_ID
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
130
Complete Your Online Session Evaluation § Complete your online session evaluation § Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt
Presentation_ID
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
131
Availability – IPv4 OSPFv2 Per Link LFA
7600 (IOS)
ASR1K (IOSXE)
-
-
ASR901 ASR903 ISR4451--X ME3600 (IOS-XE)
ME3800 CSR1000v
ISIS Per Link LFA OSPFv2 LFA (per prefix)
ASR9K (IOSXR)
CRS1 (IOSXR)
12K (IOS-XR)
4.0.1
3.9.0
4.0.1
4.0.1
3.5.0
4.0.1
15.1(3)S
3.4.0S
3.6.0S
3.8.0S
4.2.0
4.2.0
4.2.0
ISIS LFA (per 15.1(2)S prefix)
3.4.0S
3.6.0S
3.8.0S
4.0.1
4.0.1
4.0.1
5.1.0
4.3.1?
5.1.0
4.3.1?
EIGRP LFA (per prefix)
15.2(4)S
OSPFv2 Remote LFA
15.2(2)S
15.2(2)SNI
15.3(2)S
15.3(2)S
ISIS Remote LFA
15.2(2)S
15.2(2)SNI
15.3(2)S
15.3(2)S
ISIS LFA (per prefix) VPLS 15.1(2)S1 Core BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
3.9.0aS
Cisco Public
133
Availability – IPv6 7600 (IOS) ASR1K (IOS-XE) ASR9K (IOS-XR) Per Link LFA
-
-
CRS1 (IOS-XR)
4.3.1
4.3.1
OSPFv3 LFA (per prefix)
4.3.1
4.3.1
ISIS LFA (per prefix)
4.3.1
4.3.1
EIGRP LFA (per prefix) OSPFv3 Remote LFA ISIS Remote LFA
BRKRST-3020
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
134