BRKRST 3020 Advanced - IP LFA (Loop-Free-Alternative) Architecture ...

Viewer
Transcript

IP LFA (Loop-Free-Alternative): Architecture and Troubleshooting BRKRST-3020

Luc De Ghein Technical Leader Services

Agenda §  Introduction §  LFA Overview §  LFA Architecture –  Per-link vs per-prefix –  Repair path selection and tie-breakers –  Remote LFA –  Repair path in data plane

§  Configuration, implementation and troubleshooting (OSPF, ISIS, EIGRP) in IOS and IOS-XR §  Conclusion

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

3

Introduction

Introduction §  Best-effort traffic delivery for IPv4/v6 was good enough §  Service failures caused by routing transitions are largely hidden by higher-level protocols that retransmit the lost data §  But, this not good enough anymore for voice and video traffic §  We need something better: IP-FRR –  Low-hanging fruit –  MPLS is not needed

§  One implementation is LFA §  IPv4 is used throughout the presentation – same principles apply to IPv6

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

5

Goal - Benefits §  Provide FAST restoration of traffic flow in case of network failure –  Designed to give the same speed of recovery as MPLS TE FRR

§  Does not require MPLS to function (though may protect MPLS traffic if present) –  Remote LFA does require MPLS at this time

§  The goal was to provide 50 ms restoration (actual speed depends on platform) §  Protect –  –  –  – 

One single link failure One single node failure No path protection Multiple failure conditions are not covered

§  Simpler than MPLS TE FRR to configure and operate §  Good scalability §  Incremental deployment – no inter-router signaling specific to LFA FRR BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

No signaling protocol

6

LFA Overview

Convergence, Protection, Restoration §  Convergence –  In case of failure, the routing protocol computes new best path –  New best path gets installed in data plane

1-5 sec

§  Fast convergence –  Same as above, but faster –  Tuned routing protocol

< 1 sec

§  Pre-computed backup path –  For speed: pre-computed backup/repair path needed, in data plane

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

50-100 msec

8

LFA and MPLS TE Comparison LFA FRR

MPLS TE FRR

Repair Path

Least cost

Constraints based with bandwidth guarantee and path control

Link Protection

Yes

Yes

Node Protection

Yes

Yes

Path Protection

No

Yes

Control Plane Requirements

None

RSVP-TE

Provisioning

Minimal Configuration

Significant

Network Topology

Effective with mesh

No dependency. Always works.

SRLG

Yes

Yes

Load distribution over multiple repair paths

Yes

No

IPv6 support

Yes

No

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

9

Reducing Loss Of Connectivity (LoC) Control Plane Fast Convergence

Data Plane Convergence (FRR)

t0 Failure Detection t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation t3 Update Routing and Forwarding Table (RIB/FIB)

t0 Failure Detection tR Switchover to (pre-computed) backup path t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation t3 Update Routing and Forwarding Table (RIB/FIB)

LoC

t0

t1

t2

failure

LoC

t3

t4

t0 tR t1

t2

t3

t4

failure BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

10

LFA Architecture

Principal Idea Behind LFA repair path R3

R1

R2

primary path §  R1 has best path : R1-R2 §  R1 computes repair path R1-R3-R2 = Loop-Free Alternate (LFA) –  Repair path does not go over link R1-R2 –  Next hop router R3 delivers traffic to destination without returning the traffic to R1

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

12

Building Blocks of LFA Requirement

Building Block of LFA

Speed

Pre-compute repair path

Speed of restoration

Put repair path in data plane (CEF)

Fast detection

Fast Link down detection – best to use BFD

Cleanup

Normal convergence occurs after the event

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

13

Principal Mechanism of LFA Normal Shortest Path Calculation (SPF) topology

SPT

root router &

A

A

10 B

10

20 10

10

E

D

F

30 10

10 10

E

30

10 G

C

10

30

10

calculating node

10

B

C

10

D

SPF

10

10 G

H

F

H

10 G

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

14

Principal Mechanism of LFA The trick = calculating router runs SPF with other router as root topology

SPT calculating node

10

D

10

10

B

SPF

C

20

10 10

root router

C

A

10

E

A

E

10

30

10

10

B

F

30

10 D

30

10

G

F

10

10 G

10

H

reverse SPF = rSPF

§  All of the LFA (directly connected and remote) is made possible by the calculating router running an SPF with its neighbor(s) as root –  An SPF with any router in the area as root is not needed (but could be theoretically done) BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

H

10 G

15

General Theory – Definitions primary path E

S

D N

Name

Definition

S

Source (local) router

The router where all calculations are done

D

Destination router

The router where the prefixes are connected

N

Neighboring router

The neighbor router which is the alternate next hop router under investigation

E

Another neighboring router

The primary next hop router

D(A,B)

Distance

The lowest cost from A to B

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

16

General Theory - Rules Loop Free Alternate

E is the primary next hop router

Inequality 1: D(N,D) < D(N,S) + D(S,D) “Path is loop-free because N’s best path is not through local router.” Traffic sent to backup next hop is not sent back to S.

E

Downstream Path Inequality 2: D(N,D) < D(S,D)

S

D

“Neighbor router is closer to the destination than local router.” Loop-free is guaranteed even with multiple failures (if all repair-paths are downstream path). N

Node protection

N is the protecting next hop router

Inequality 3: D(N,D) < D(N,E) + D(E,D) “N's path to D must not go through E.” “The distance from the node N to the prefix via the primary next-hop is strictly greater than the optimum distance from the node N to the prefix.“ BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

17

General Theory - Rules Loop Free Link Protecting for Broadcast Link Inequality 4: D(N,D) < D(N,PN) + D(PN,D) “the link from S to N should not be the same as the protected link” “the link from N to D should not be the same as the protected link”

0

S

0

N

PN

D

0

E

PN = PseudoNode representing the BroadCast link with cost 0 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

18

General Theory Examples

10

D(N,D) < D(N,S) + D(S,D)

Loop Free Alternate

Inequality 2

D(N,D) < D(S,D)

Downstream path

Inequality 3

D(N,D) < D(N,E) + D(E,D)

Node protection

Inequality 1: 11 < 12 + 15 ?

5

E

Inequality 1

Inequality 2: 11 < 15 ? S

D

12

11

Inequality 3: 11 < 16 + 5 ?

N

10

E

Inequality 1: 20 < 12 + 15 ?

5

Inequality 2: 20 < 15 ? S

D

12

20

Inequality 3: 20 < 22 + 5 ?

N

10

Inequality 1: 25 < 12 + 15 ?

5

E

20 S

D

Inequality 2: 25 < 15 ?

12 N BRKRST-3020

Inequality 3: 25 < 20 + 5 ? © 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

19

General Theory Examples Bis

22

Inequality 1: 25 < 10 + 27 ?

5

E

Inequality 2: 25 < 27 ?

20

S

D(N,D) < D(N,S) + D(S,D)

Loop Free Alternate

Inequality 2

D(N,D) < D(S,D)

Downstream path

Inequality 3

D(N,D) < D(N,E) + D(E,D)

Node protection

D

20

Inequality 3: 25 < 20 + 5 ?

N

10

Inequality 1

E

Inequality 1: 27 < 12 + 15 ?

5

S

D

12

Inequality 2: 27 < 15 ?

27 N

BRKRST-3020

Inequality 3: 27 < 22 + 5 ?

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

20

General Theory Example 4th Inequality “the link from S to N should not be the same as the protected link” “the link from N to D should not be the same as the protected link” 8

10

25

Inequality 1

D(N,D) < D(N,S) + D(S,D)

Loop Free Alternate

Inequality 2

D(N,D) < D(S,D)

Downstream path

Inequality 3

D(N,D) < D(N,E) + D(E,D)

Node protection

Inequality 4

D(N,D) < D(N,PN) + D(PN,D)

Loop Free Alternate BC

N

0 10 21

S

0

D

PN 0

11

10

D(N,D) = 21 and path goes through the PN

E

Inequality 4: 21 < 10 + 11 ?

BRKRST-3020

Loop-free for BC link

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

21

General Theory Per-Link versus Per-Prefix LFA Per-Prefix

Per-Link D1

10 10

N1

10

10

10 10

D1

5 E

D1 + D2

5 N2

10

10

D1

5

S

10

N1

E

S

10 D2

§  Backup path carries traffic for all destinations through primary next hop §  There is no difference in path for prefixes to D1 or D2 §  Can lead to overloaded links S-N2 and N2-E §  Node protection is possible, but not guaranteed (topology dependent) §  Node protection if path is S-N1-D1, but then suboptimal path for prefixes to D2

D2

10

5 N2

10 D2

§  Two different backup path can carry traffic for different prefixes through primary next hop, and hence produce better load sharing §  More complex calculations than per-link LFA, computation is for each neighbor of S and perprefix

Per-Link LFA or per-prefix LFA is chosen per interface!

§  Simple computation, single rSPF per protected neighbor BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

22

Inequality 1

D(N,D) < D(N,S) + D(S,D)

General Theory

Loop Free Alternate

Per-Link versus Per-Prefix LFA: Coverage Per-Link

Per-Link 10

N

15

20

B

S

10

15

X

20

B

S

10

10 E

X+Y

15

N

X

10 E

X+Y

Y

Y

§  E is primary next-hop for prefixes X and Y

§  E2 is primary next-hop for prefixes X and Y

§  Inequality 1 : prefix X : 15 < 10 + 20

§  Inequality 1 : prefix X : 15 < 15+ 20

§  Inequality 1 : prefix Y : 20 < 10 + 10

§  Inequality 1 : prefix Y : 20 < 15 + 10

§  No protection for prefix X and Y !

§  Protection for prefix X and Y !

Conclusion? BRKRST-3020

All or nothing (prefixes) with Per-Link LFA

Prefixes reachable through the same primary next-hop, share the same backup

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

23

General Theory Per-Link LFA Limitation 30 16

N1

70

Prefix from D1, NH = D1, cost = 30 Prefix from D2, NH = S, cost = 81 40

D1

5 30

E

S

5

20 N2

16

30 D2

N1

70

40

D1

5 E

S

15

20 N2

30 D2

Prefix from D1, NH = S, cost = 51 Prefix from D2, NH = E, cost = 50

§  Traffic to D2 is forwarded to E on N2

§  Traffic to D1 is forwarded to D1

§  Traffic to D1 is U-turned on N2, back to S

§  Traffic to D2 is U-turned on N1, back to S

Conclusion? BRKRST-3020

Per-Link LFA does not always work

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

24

General Theory Comments/Coverage §  LFA

S

–  Very good network coverage –  µ–loops possible

E

D

§  Downstream paths –  No µ–loop possible –  Less network coverage

N

link- without node-protection can cause microloop

§  Ring topology: no coverage

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

25

Load Balancing/ECMP §  ECMP : more than one primary next hop §  The other primary next hops might provide: •  •  • 

only link protection only node protection both link and node protection

alternate path

18

10

N1

14

Depending on the defaults and configuration, the althernate NHs can be another primary NH or an alternate nonprimary NH

10

S

D 10

14

N2 5

5

primary path

Using primary NH as alternate NH • 

Pro: no µ–loop possible

• 

Con: congestion is possible

N3 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

26

IP-FRR and MPLS §  LDP follows the topology calculated by the routing protocol §  LDP requirement: Downstream Unsolicited; Liberal Retention –  No issue (always, except for ATM interfaces)

§  Forwarding plane considers the fact that protecting label is different for each prefix –  Same LFA but different protecting label per prefix

§  IP FRR transparently supports VPN, VPLS, 6PE/6VPE –  Check if it is supported

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

27

Micro-Loops §  A loop – short in time §  Resolved by normal link state convergence, i.e. loop until first SPF §  During the reconvergence period some routers in the network forward traffic based on the 'old' forwarding table and some routers have already switched to use the 'new' forwarding table §  Result of difference in updating speed on routers –  CPU, forwarding ASICs, difference in distance in topology

§  Duration of loops is bounded by the reconvergence time of the slowest routers §  Microloop can happen close to the failure or far from it §  Loop is after S reconverges, but other router did not finish reconverging yet

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

28

Micro-Loops rLFA tunnel

§  Link failure S-D –  –  –  –  – 

t0 Link failure detected tR IP-FRR kicks in on S t1 Failure Propagation (Flooding, Updates, etc) t2 Topology/Routing Recalculation (SPF runs on S) t3-t4 Update Routing and Forwarding Table (RIB/FIB)

§  t4 end of updating on S §  t5 end of updating on N §  [t3-t4]-[t4-t5] N still has route for D, pointing to S: loop §  t5 loop resolved: N finished updating its tables: then route for D points to R1 failure BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

N

R1

R2

S

D

LoC

t0 tR t1

loop

t2

t3

Cisco Public

t4

t5 29

Micro-Loops §  Micro loops –  A loop – short in time –  Resolved by normal link state convergence, i.e. loop until first SPF

§  Methods are proposed to prevent micro-loops (RFC 5715) –  Is it worth it?

§  Solution –  Routers connected to failed link delay updating forwarding table §  Until all other routers have converged –  RIB delay timer

§  In the meantime, traffic remains on rLFA protected path

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

30

Remote LFA The Problem & The Solution The problem §  Directly connected LFA does not cover all –  No neighbor is found which is an LFA –  Remote LFA covers more –  Typically a ring topology will need remote LFA

S

1

R2

Remote LFA (encap tunnel) The solution

1

1

1

R5

R4

§  Remote LFA: tunnel the packets to a router which can deliver the packets without going across the failed link

© 2014 Cisco and/or its affiliates. All rights reserved.

D

1

R3

BRKRST-3020

1

Cisco Public

31

Remote LFA No 100% Coverage §  No tunnel to remote LFA is possible –  A tunnel to R3 is not good enough (far enough), because the cost from R3 to router D is 6 counter clockwise vs 3 clockwise –  Packets coming out of the tunnel on R3 would be sent back to R1 clockwise

§  A tunnel to R4 is good enough (far enough), because the cost from R4 to router D is 2 counter clockwise vs 7 clockwise –  But the tunnel is not possible because the cost from R2 to R4 is 5 counter clockwise vs 4 clockwise –  R2 would send tunneled packets back to router S clockwise

S

1

1

R2

D

1

1

R3

R5

4

1 R4

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

32

Remote LFA Finding the Tunnel Endpoint

P space of Router S

S

Q space of Router E

E

PQ

P-space of router S and the link SE

Q-space of the router E and the link SE

It is the set of routers that S can reach without passing through the link SE (including ECMP)

It is the set of routers that can reach the router E without passing through the link SE

A router common to both P and Q space is called a PQ router If S tunnels a packet to the PQ router, then the packet is guaranteed to reach E without passing through link SE BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

An algorithm is needed to pick a PQ router if multiple candidates exist

33

Remote LFA Extended P-Space

P space of Router S

S

Q space of Router E

E

N PQ

Extended P-space of router S and the link SE The set of links that all of neighbors of router S can reach without passing through the link SE

Extended P-space = P-space of each neighbor and the protected link Extended = more prefix coverage BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

34

Remote LFA Calculating the P-space topology

SPT after pruning protected link branch

SPT

A

A

SPF

A

pruning

B

C

B

C

B

D

E

D

E

D

§  §  § 

Compute SPF rooted in the protecting node Any node reachable through protected link branch does NOT belong to the P-space Prune branch going through protected link (including ECMP)

§ 

Routers B and D constitute the P space –  – 

P-space

A can reach B and D without going through AC B and D are candidate PQ/release nodes BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

35

Remote LFA Calculating the Q-space topology A

B

SPT after pruning protected link branch

rSPT rooted at C A

rSPF C

B

pruning C

C

Q-space D

E

D

D

E

E

§  §  § 

only one rSPF needed = cheap Compute Reverse SPF rooted on link far end router Any node reachable through protected link sub-branch is NOT a PQ candidate Prune branch going through protected link

§ 

Routers E and D constitute the Q space –  – 

E and D can reach C without going through AC E and D are candidate PQ/release node BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

36

Remote LFA Calculating the Set of PQ Candidates Q-space

P-space

topology

A

∩

B

D

D

§ 

A

C

B

C

E

D

E

PQ candidate is any member of both trees

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

PQ candidate

Cisco Public

37

Remote LFA Extended P-Space §  Extended P-space –  P-space of each neighbor and the protected link A

B

C

D

§  There is an increase of prefix coverage –  For example in the square topology

§  Normally there is no PQ node in the square topology §  With extended P-Space, D becomes a PQ node for neighbor C

BRKRST-3020

§  Extended P-Space calculation is not expensive –  Directly Connected LFA makes sure the router already runs SPF in behalf of each neighbor –  Directly Connected LFA is run before Remote LFA

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

38

Remote LFA Square with P-Space SPT

SPT after pruning protected link branch

A A

pruning

SPF C

topology A

C

B

D

D

SPT after pruning protected link branch

rSPT rooted at B C

P-space

B

B

D

B

SPF

BRKRST-3020

Q-space

pruning A

no intersection

D

C C © 2014 Cisco and/or its affiliates. All rights reserved.

D

Cisco Public

39

Remote LFA Square with Extended P-Space rSPT rooted at C

SPT after pruning protected link branch

C C

D

topology A

A D

B

B

SPT after pruning protected link branch

B

D

Q-space

pruning A

PQ is router D

B

SPF

BRKRST-3020

A

B

rSPT rooted at B C

Extended P-space

pruning

SPF

D

C C © 2014 Cisco and/or its affiliates. All rights reserved.

D

Cisco Public

40

Remote LFA Notes on Remote LFA §  The Tunnel is an LSP –  By LDP only –  LDP should be enabled everywhere §  If not, some prefixes/link might be unprotected §  The sw will not take care of excluding those links

§  In theory, IP-in-IP, GRE, L2TP tunneling is possible –  IP tunneling is not supported by us

§  From forwarding plane point of view, the LSP is indistinguishable from an unprotected TE tunnel §  PQ node protection is link protecting only, not node protecting §  PQ node calculations are only executed if there are unprotected paths for protectable prefixes §  No Remote LFA for per-link BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

41

Remote LFA Remote LFA with MPLS Targetted LDP Session

A

PQ

Label Bindings (IGP prefixes)

A

A

B

C

B

C

B

C

D

E

D

E

D

E

§  A does not find Directly Connected LFA for link A-C

§  A initiates Targetted LDP session to router D

§  A runs Remote LFA computation and finds Remote LFA to D (D is chosen PQ node)

§  D advertises label bindings to router A §  Router A installs prefix in CEF and LFIB as backup with label from targetted LDP session

Notes: Router D is not aware it will be used as PQ node Targetted LDP acceptance must be enabled on all routers BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

42

Remote LFA Remote LFA with MPLS: Packet Forwarding IP

IP

A

Targetted LDP Session

B

C

E

X

IP IP

L4

L1 D

E

IP

L3

§  Router D advertises Label L1 to router A for prefix X §  Router A programs imposition of labels { L2 L1 } for prefix X as repair path with NH router B BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

43

Tie Breaking

Tie Breaking There Can Be Only One §  Computation provides usually multiple LFAs §  Need to select one LFA among multiple candidates for each prefix/path §  How tie breaking works: •  A set of consecutive rules, by preference •  Each rule discards candidates e.g. rule of node protecting eliminates paths which do not node protect

•  Scheme stops when one single path remains •  If a rule excludes all paths (no path has the attribute), then the rule is skipped •  Remaining candidates are distributed among prefixes sharing the protected primary path (load-sharing)

Remember that an LFA candidate is a neighbor that passes the LFA inequality BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

45

Tie Breaking Attributes §  Attributes §  Set of attributes are ON by default §  Order of attributes: preference value

BRKRST-3020

SRLG

Prefer other Share Link Group

Primary Path

Prefer Primary over Secondary path

Interface Disjoin

Prefer other interface then protected interface

Node protecting

Prefer node over link protecting

Broadcast Interface Disjoin

Prefer Path not using the broadcast segment

Load Sharing

Distribute candidates among prefixes sharing the protected path

Downstream

Prefer the router closer to D than S

Secondary

Prefer scondary over primary

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

46

Tie Breaking Example R1#show ip ospf rib 10.100.1.13

Default Tie Breaking, IOS, OSPF

via 10.1.5.7, Ethernet0/0

primary path

Flags: RIB LSA: 1/10.100.1.13/10.100.1.13

repair path via 10.1.3.4, Serial4/0, cost 31

1

Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, LC Dj, NodeProt, Downstr, LoadShare LSA: 1/10.100.1.13/10.100.1.13

repair path via 10.1.6.8, Serial6/0, cost 36

2

Flags: Ignore, Repair, IntfDj, BcastDj, LC Dj

10 20 30 40 50 60 70 256

srlg primary-path interface-disjoint lowest-metric linecard-disjoint node-protecting broadcast-interface-disjoint load-sharing

LSA: 1/10.100.1.13/10.100.1.13

no path has SRLG, so this policy step is skipped

repair path via 10.1.4.5, Serial5/0, cost 31

3

Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath , LC Dj, NodeProt, Downstr, LoadShare LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.5.6, Ethernet0/0, cost 31

4

Flags: Ignore, Repair,

path 4 does not have “IntfDj” attribute

PrimPath, NodeProt, Downstr

paths 1 & 3 have the same cost

LSA: 1/10.100.1.13/10.100.1.13

paths 1 & 3 have the same set of attributes

repair path via 10.1.2.3, Serial3/0, cost 131

5

Flags: Ignore , Repair, IntfDj, BcastDj, LC Dj, NodeProt LSA: 1/10.100.1.13/10.100.1.13

BRKRST-3020

path 2 & 5 do not have “PrimPath” (not one of the ECMP paths)

© 2014 Cisco and/or its affiliates. All rights reserved.

it comes down to “loadshare” : one of the 2 paths is chosen Cisco Public

47

Configuration, Implementation and Troubleshooting (OSPF, ISIS, EIGRP) in IOS and IOS-XR

Implementation Notes §  Differences apply in implementations –  IOS does Per-Prefix LFA only –  IOS-XR does Per-Link and Per-Prefix –  OSPF versus ISIS –  IPv6 is similar to IPv4

§  Restrictions –  Interface types (check www.cisco.com)

§  Remote LFA is only calculated when Directly Connected LFA does not provide protection (if there are unprotected paths for protectable prefixes) –  Less state –  Less tunnels

§  PQ node protection is link protecting only, not node protecting BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

49

Implementation Notes §  Per-prefix LFA performance is proportional to nr of neighbors and nr of prefixes §  Memory increase –  Distance tables –  RIB needs to store backup paths –  LDP storage increase

§  Calculation is done in background –  Primary SPF always has priority

§  OSPF –  Backup path for the prefix will always be calculated in the same area where primary path exists –  Backup path will be of same route type (intra-area, inter-area, external, external-NSSA) and using same metric type as primary path –  IOS-XR: only per-link or per-prefix per interface

§  ISIS –  No FRR SPF results are stored

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

50

SRLG Assigning a Shared Risk Link Group (SRLG) to an Interface

IOS

IOS-XR

interface Ethernet0/0 srlg gid 100 ip address 10.1.5.1 255.255.255.0

srlg interface GigabitEthernet0/0/4/1 1 value 100

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

51

Show IP Route Repair-paths R1#show ip route repair-paths 10.100.1.13 Routing entry for 10.100.1.13/32 Known via "ospf 1", distance 110, metric 31, type intra area Last update from 10.1.3.4 on Serial4/0, 2d19h ago Routing Descriptor Blocks: * 10.1.5.7, from 10.100.1.13, 2d19h ago, via Ethernet0/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.2.3, via Serial3/0 10.1.4.5, from 10.100.1.13, 2d19h ago, via Serial5/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.6.8, via Serial6/0 [RPR]10.1.6.8, from 10.100.1.13, 2d19h ago, via Serial6/0 Route metric is 36, traffic share count is 1 [RPR]10.1.2.3, from 10.100.1.13, 2d19h ago, via Serial3/0 Route metric is 131, traffic share count is 1 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

52

IPFRR and LDP primary label R1#show ip route 10.100.1.13

R1#show ip cef 10.100.1.13

Routing entry for 10.100.1.13/32

10.100.1.13/32

Known via "ospf 1", distance 110, metric 31, type intra area Last update from 10.1.5.7 on Ethernet0/0, 5w4d ago Routing Descriptor Blocks:

no label: there is no remote label binding from next-hop

nexthop 10.1.4.5 Serial5/0 label [46|none] repair: attached-nexthop 10.1.6.8 Serial6/0 nexthop 10.1.5.7 Ethernet0/0 label [43|45]

* 10.1.5.7, from 10.100.1.13, 5w4d ago, via Ethernet0/0

repair: attached-nexthop 10.1.5.6 Ethernet0/0

Route metric is 31, traffic share count is 1 Repair Path: 10.1.5.6, via Ethernet0/0

45 is label of the repair path R1#show mpls ldp bind 10.100.1.13 32

10.1.4.5, from 10.100.1.13, 6w0d ago, via Serial5/0 Route metric is 31, traffic share count is 1 Repair Path: 10.1.6.8, via Serial6/0

remote LFA label

lib entry: 10.100.1.13/32, rev 66 local binding:

label: 41

remote binding: lsr: 10.100.1.2:0, label: 45 remote binding: lsr: 10.100.1.4:0, label: 44

label of primary path

label of repair path

remote binding: lsr: 10.100.1.6:0, label: 45

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

53

Remote LFA Implementation Notes §  The remote LFA tunnel is an interface –  Name is MPLS-Remote-LFA –  is always incremented to facilitate debugging

§  The remote LFA interface is unnumbered to the underlying physical interface §  The remote LFA interface is always up –  Adjacency changes from drop to non-drop depending in the availability of the transport label to the tunnel tailend –  There are always IPv4 and Tag adjacency for the tunnel R1#show ip interface brief Interface

IP-Address

OK? Method Status

Protocol

Ethernet0/0

10.1.5.1

YES NVRAM

up

up

Serial2/0

10.1.1.1

YES NVRAM

up

up

Loopback0

10.100.1.1

YES NVRAM

up

up

MPLS-Remote-Lfa51

10.1.6.1

YES unset

up

up

MPLS-Remote-Lfa52

10.1.5.1

YES unset

up

up

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

54

Remote LFA Implementation Notes Configuration: LDP §  LDP must be enabled on the interfaces used by the repair LSP §  Directly connected LFA must already be enabled §  There are specefic commands to enable remote LFA §  FRR-manager on the calculating node will initiate the targetted session to the chosen PQ node –  only when needed, i.e. there will not be targetted LDP sessions to all nodes by default

§  No remote LFA-specific LDP configuration on PQ node –  The PQ node must be configured to accept targeted LDP session from the protecting node mpls ldp discovery targeted-hello accept [from ] BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

55

OSPF - IOS

Configuration, Implementation and Troubleshooting OSPF - IOS §  Only per-prefix LFA §  2 new debug commands R1#debug ip ospf fast-reroute ? rib

OSPF FastReroute Routing Information Base (RIB)

spf

OSPF LFA FastReroute SPF

R1#debug ip ospf fast-reroute rib ? <1-199>

Access list

<1300-2699>

Access list (expanded range)

R1#debug ip ospf fast-reroute spf ? detail

Print more debugging detail BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

57

OSPF - IOS What is Stored Extra? §  SPFs are run for each neighbor with that neighbor as root! §  Full SPFs with N as root are not stored on S

E

§  Some info needs to be stored in new tables to be used by partial SPF in between full SPFs –  Distance to neighbor §  Stored in Per-Neighbor Router Distance Table §  Not the distance to all routers in that area needs to be stored

E is the primary next hop router

S

D

N

N is the protecting next hop router

D(N,D) < D(N,E) + D(E,D)

D(N,D) equals D(S,D)viaN - D(S,N)

D(N,E) + D(E,D) equals D (N,E) + D(S,D) - D(S,E)

D(S,D)viaN - D(S,N) < D (N,E) + D(S,D) - D(S,E)

§  Distance from N to D is not needed and hence D(N,D) is not stored §  Distance from E to D is not needed and hence not stored §  Distance from neighboring routers to the destination is not stored §  Distance from N to E is stored BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

58

OSPF - IOS What is Stored Extra? E

What?

Where?

D(S,D) for the prefixes at D

in LRIB as primary path

D(S,D)viaN for the prefixes at D

in LRIB as repair path

D(S,N)

internally (there is no show command to display this)

D(S,E)

internally (there is no show command to display this)

D(N,E)

in Per-Neighbor Router Distance Table (needed by partial SPF)

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

S

D

N

Cisco Public

E is the primary next hop router

N is the protecting next hop router

59

OSPF - IOS New Storing Elements: Per-Neighbor Tables What

Where?

Description

Why?

Distance from neighboring router to neighboring router

Per-Neighbor Router Distance Table

Distance to ABRs/ASBRs

Per-Neighbor Router Distance Table

ABR/ASBR info is built from intra-area and inter-area reachability info and Type 4 LSAs

Needed by partial SPF

Distance to Network LSA

Per-Neighbor Network Distance Table

S needs to know if N has a broadcast interface back to S and check inequality 4

Info needed during partial SPF

•  Inequality 4: D(N,D) < D(N,PN) + D(PN,D) •  D(N,PN) is stored

External LSA forwarding address

BRKRST-3020

Per-Neighbor External LSA Forwarding Address Distance Table

© 2014 Cisco and/or its affiliates. All rights reserved.

Needed by partial SPF when calculating repair path (reachability) for LSA type 5/7 Cisco Public

60

OSPF - IOS New Storing Elements: Per-Neighbor Tables - Example R1# show ip os neighbor fast-reroute

| begin ID 10.100.1.2

neighbor N of S (root of SPF)

Neighbor with Router ID 10.100.1.2: Reachable over:

D(S,N)

Serial2/0, IP address 10.1.1.2, cost 10

Router distance table: i

[10]

10.100.1.2

i

[0]

10.100.1.3

i

[10]

10.100.1.9

i

[25]

10.100.1.10

i

[30]

10.100.1.13

i

[40]

neighbors E of S with D(N,E) ABRs/ASBRs with D(N,ABR/ASBR)

Network LSA distance table: i

[20]

External LSA forwarding address distance table: 10.200.1.2

i

equivalent info as “show …” command on router with ID 10.100.1.2 R2#show ip ospf border-routers

10.100.1.1

10.1.5.7

S is router R1 N is router R2

[50] via 10.200.1.0/24

i intra-area route I inter-area route BRKRST-3020

D(N,PN) cost from N to DR

i 10.100.1.9 [25] via 10.1.1.1, Serial2/0, ASBR, Area 0, SPF 25 i 10.100.1.10 [30] via 10.1.7.3, Serial3/0, ABR, Area 0, SPF 25 i 10.100.1.13 [40] via 10.1.1.1, Serial2/0, ABR/ASBR, Area 0, SPF 25

R2#show ip ospf database network LS Type: Network Links Link State ID: 10.1.5.7 (address of Designated Router) Advertising Router: 10.100.1.7 Length: 36 Network Mask: /24 Attached Router: 10.100.1.7

R2# show ip route 10.200.1.2 Routing entry for 10.200.1.0/24 Known via "ospf 1", distance 110, metric 50, type intra area Last update from 10.1.1.1 on Serial2/0, 2d23h ago Routing Descriptor Blocks: * 10.1.1.1, from 10.100.1.13, 2d23h ago, via Serial2/0 Route metric is 50, traffic share count is 1

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

61

OSPF - IOS Primary and Repair Path in LRIB (Local RIB) R1#show ip ospf rib 10.100.1.13 OSPF local RIB Codes: * - Best, > - Installed in global RIB *>

LSA: type/LSID/originator

10.100.1.13/32, Intra, cost 31, area 0 SPF Instance 44, age 01:05:21 Flags: RIB, HiPrio

primary path

via 10.1.5.7, Ethernet0/0 Flags: RIB LSA: 1/10.100.1.13/10.100.1.13

repair path via 10.1.5.6, Ethernet0/0, cost 32 Flags: RIB, Repair, NodeProt, Downstr LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.6.8, Serial6/0, cost 36

cost = D(S,D)viaN = D(S,N) + D(N,D) for one prefix

Flags: Ignore, Repair, IntfDj, BcastDj, LC Dj

tie breaker attributes if SRLG is present = means equal SRLG value!

LSA: 1/10.100.1.13/10.100.1.13 repair path via 10.1.4.5, Serial5/0, cost 31 Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath, LC Dj, NodeProt, Downstr LSA: 1/10.100.1.13/10.100.1.13 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

62

Configuration IOS - OSPF OSPF router config mode [no] fast-reroute per-prefix enable [area ] prefixpriority {high | low}

External routes do not belong to any area

N O T E S

BRKRST-3020

To protect externals you MUST have enabled the command without the area keyword Enabling ‘low’ priority means that both high and low priority prefixes are eligible for protection © 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

63

Configuration IOS - OSPF OSPF router config mode [no] prefix-priority high route-map

High priority get programmed before low priority in RIB

N O T E S

Routes permitted by the route-map are assigned High priority, the rest is Low priority By default if not configured prefixes with /32 mask are High priority, the rest is Low priority

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Route-map match statements: match tag match route-type match ip address

Other ‘match’ and all ‘set’ statements

are ignored Cisco Public

64

Configuration IOS - OSPF OSPF router config mode [no] fast-reroute keep-all-paths

N O T E S

OSPF to keep in the LRIB all candidate repair paths which were found during LFA FRR SPF For troubleshooting only Especially when looking at or changing the tie-breakers

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

N O T E S

By default: only best repair path in RIB Conserves memory

Cisco Public

65

Configuration IOS - OSPF Interface config mode [no] ip ospf fast-reroute per-prefix protection [disable]

N O T E S

BRKRST-3020

Primary routes pointing to this interface will not be protected

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

66

Configuration IOS - OSPF Interface config mode [no] ip ospf fast-reroute per-prefix candidate [disable]

The interface will not be used for repair paths

N O T E S

LFA SPF optimization: If interface cannot be used for repair paths then it is not needed to run SPF with neighbors over this interface as root. For example: link from a router to stub site Reduced number of SPF: brings total LFA FRR SPF time down

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

67

Configuration IOS - OSPF OSPF router config mode [no] fast-reroute per-prefix tie-break [required] index

N O T E S

Supported attributes: interface-disjoint broadcast-interface-disjoint srlg downstream node-protecting linecard-disjoint primary-path secondary-path lowest-metric

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Keyword ‘required’ is supported for all attributes except ‘lowestmetric’ If required attribute is missing, skip the path

Cisco Public

68

For Your Reference

Default Tie Breaking OSPF - IOS Tie-Breaker option

Description

Default values IOS OSPF

Comment

srlg (SRLG)

Prefer LFA not sharing the same Share Link Group

10

Shared risk of links

primary-path (PrimPath)

Prefer primary over secondary path

20

Backup is member of ECMP set

interface-disjoint (IntfDj)

Prefer path over other interface than protected one

30

lowest-metric (CostWon)

Prefer lower metric

40

The metric of the backup node to D might be higher than metric of S to D

linecard-disjoint (LC Dj)

Prefer path using different linecard

50

Different linecard means also different interface, hence this is link protecting

node-protecting (NodeProt)

Prefer node protecting over link protecting

60

broadcast-interface-disjoint (BcastDj)

Prefer path not using broadcast segment

70

load-sharing (LoadShare)

Distribute remaining candidates among prefixes sharing the protected path

255

downstream (Downstr)

Prefer node closer to D than S

secondary-pathBRKRST-3020

Prefer secondary over primary path © 2014 Cisco and/or its affiliates. All rights reserved.

Not configurable. This is the catch-at-the-end policy

-

Disabled by default

Cisco Public-

Disabled by default

69

Default Tie Breaking OSPF - IOS router ospf 1

not enabled specifically for one area, so IPFRR includes the AS external prefixes

fast-reroute per-prefix enable prefix-priority low fast-reroute keep-all-paths

enabled for troubleshooting purposes

R1#show ip ospf fast-reroute Loop-free Fast Reroute protected prefixes: Area

Topology name

Priority

Remote LFA Enabled

0

Base

Low

No

AS external

Base

Low

Repair path selection policy tiebreaks (built-in default policy): 10

srlg

20

primary-path

30

interface-disjoint

40

lowest-metric

50

linecard-disjoint

60

node-protecting

70

broadcast-interface-disjoint

256

AS external: this only shows if IPFRR is not enabled for only area(s) priority low indicates that low and high priority prefixes are protected

“downstream” is not present by default configuring tie-breakers removes the defaults!

load-sharing

Last SPF calculation started 5d13h ago and was running for 11 ms. BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

70

IPFRR Statistics for OSPF R1#show ip ospf fast-reroute prefix-summary Area 0: Interface

Protected

Primary paths

Protected paths Percent protected

All

High

Low

All

High

Low

All High

Low

Se6/0

Yes

5

2

3

2

2

0

40% 100%

0%

Se5/0

Yes

8

5

3

2

2

0

25%

40%

0%

Se4/0

Yes

10

6

4

4

4

0

40%

66%

0%

Se3/0

Yes

0

0

0

0

0

0

0%

0%

0%

Se2/0

Yes

3

2

1

2

2

0

66% 100%

0%

Et0/0

Yes

11

6

5

3

3

0

27%

50%

0%

Area total:

37

21

16

13

13

0

35%

61%

0%

Process total:

37

21

16

13

13

0

35%

61%

0

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Coverage in percentage Per area Per interface High - low

Cisco Public

71

Troubleshooting – Remote LFA R1#show ip interface brief Interface

IP-Address

OK? Method Status

Protocol

Ethernet0/0

10.1.5.1

YES manual up

up

Loopback0

10.100.1.1

YES manual up

up

MPLS-Remote-Lfa4

10.1.5.1

YES unset

up

up

MPLS-Remote-Lfa5

10.1.4.1

YES unset

up

up

MPLS-Remote-Lfa6

10.1.4.1

YES unset

up

up

R1#show ip ospf fast-reroute Loop-free Fast Reroute protected prefixes: Area

Topology name

Priority

Remote LFA Enabled

0

Base

High

Yes

Repair path selection policy tiebreaks: 10

secondary-path

20

node-protecting

256

priority low would indicate that high and low priority prefixes are protected

load-sharing

Last SPF calculation started 00:07:40 ago and was running for 37 ms. BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

72

Troubleshooting – Remote LFA R1#show ip ospf fast-reroute remote-lfa tunnels

Interface MPLS-Remote-Lfa4 Tunnel type: MPLS-LDP Tailend router ID: 10.100.1.11 Termination IP address: 10.100.1.11 Outgoing interface: Ethernet0/0 First hop gateway: 10.1.5.6

there can be multiple next hops here as one remote LFA/tunnel can protect multiple next hops/interfaces

Tunnel metric: 21 Protects: 10.1.4.5 Serial5/0, total metric 31

Interface MPLS-Remote-Lfa5

2 remote LFAs to the same PQ node: there are 2 distinct paths to reach the PQ node; different neighbors are protected One tunnel cannot protect both next hops, as the tunnel protecting one next hop uses the other protected next hop as outgoing interface

Tunnel type: MPLS-LDP Tailend router ID: 10.100.1.11 Termination IP address: 10.100.1.11 Outgoing interface: Serial5/0 First hop gateway: 10.1.4.5 Tunnel metric: 20 Protects: 10.1.5.6 Ethernet0/0, total metric 30

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

73

Troubleshooting – Remote LFA R1#sh ip ro 10.100.1.5 Routing entry for 10.100.1.5/32 Known via "ospf 1", distance 110, metric 11, type intra area Last update from 10.1.4.5 on Serial5/0, 01:38:12 ago Routing Descriptor Blocks: * 10.1.4.5, from 10.100.1.5, 01:38:12 ago, via Serial5/0 Route metric is 11, traffic share count is 1 Repair Path: 10.100.1.11, via MPLS-Remote-Lfa4

R1#show ip ospf rib 10.100.1.5 *>

10.100.1.5/32, Intra, cost 11, area 0 SPF Instance 81, age 1d17h Flags: RIB, HiPrio via 10.1.4.5, Serial5/0 Flags: RIB LSA: 1/10.100.1.5/10.100.1.5 repair path via 10.100.1.11, MPLS-Remote-Lfa4, cost 31 Flags: RIB, Repair, IntfDj, BcastDj, LC Dj, LoadShare LSA: 1/10.100.1.5/10.100.1.5

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

MPLS-Remote-LFA4 was choosen because MPLS-Remote-LFA5 goes over Serial5/0, the protected link

Cisco Public

74

Troubleshooting – Remote LFA R1#show ip interface brief Interface IP-Address

OK? Method Status

Protocol

MPLS-Remote-Lfa4 MPLS-Remote-Lfa5

YES unset YES unset

up up

10.1.5.1 10.1.4.1

up up

R1#sh mpls ldp ne 10.100.1.11 Peer LDP Ident: 10.100.1.11:0; Local LDP Ident 10.100.1.1:0 TCP connection: 10.100.1.11.43185 - 10.100.1.1.646 State: Oper; Msgs sent/rcvd: 72/72; Downstream Up time: 00:28:54 LDP discovery sources: targetted Targeted Hello 10.100.1.1 -> 10.100.1.11, active Addresses bound to peer LDP Ident: 10.1.13.11 10.1.18.11 10.1.14.11 10.100.1.11 R1#sh mpls ldp discovery Discovery Sources: Interfaces: Ethernet0/0 (ldp): xmit/recv LDP Id: 10.100.1.6:0 Serial6/0 (ldp): xmit Targeted Hellos: 10.100.1.1 -> 10.100.1.11 (ldp): active, xmit/recv LDP Id: 10.100.1.11:0 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

LDP session

The Targetted LDP Session could be set up either by configuration or the FRR Manager

targetted LDP session Cisco Public

75

For Your Reference

Troubleshooting – Remote LFA primary label

remote LFA label

R1#show ip cef 10.100.1.5 detail 10.100.1.5/32, epoch 0 local label info: global/33 nexthop 10.1.4.5 Serial5/0 label [implicit-null|37] repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4 nexthop 10.100.1.11 MPLS-Remote-Lfa4, repair

NH is remote LDP router-ID R1#show mpls ldp bindings 10.100.1.5 32 lib entry: 10.100.1.5/32, rev 50 local binding: label: 33 remote remote remote remote

binding: binding: binding: binding:

lsr: lsr: lsr: lsr:

10.100.1.2:0, label: 37 10.100.1.4:0, label: 36 10.100.1.5:0, label: imp-null 10.100.1.11:0, label: 37

Broken example R1#show ip cef 10.100.1.5 10.100.1.5/32 nexthop 10.1.4.5 Serial5/0 label [implicit-null|none]

remote LFA label received from the PQ node over the targetted session no remote LFA label: there is something wrong, like no targetted LDP session to PQ node

repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

76

Troubleshooting LFA R1#show ip ospf fast-reroute prefix-summary Area 0: Interface

Protected

coverage is not 100% (for the high priority prefixes)

Primary paths

Protected paths Percent protected

All

High

Low

All

High

Low

All High

Low

Se6/0

Yes

11

5

6

1

1

0

9%

20%

0%

Se5/0

Yes

9

6

3

3

3

0

33%

50%

0%

Se4/0 Se3/0

Yes Yes

7 0

4 0

3 0

4 0

4 0

0 0

57% 100% 0% 0%

0% 0%

Se2/0

Yes

1

1

0

0

0

0

0%

0%

Et0/0

Yes

9

6

3

3

3

0

33%

Area total:

37

22

15

11

11

0

Process total:

37

22

15

11

11

0

# paths: counted as prefixes with unique path so a prefix with 2 next hops in the RIB is counted as 2 paths BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

36% 44%

80% 66%

0% 0%

57% 100%

0%

0%

0%

0%

0%

0%

0%

0%

50%

0%

44%

66%

0%

29%

50%

0%

43%

72%

0%

29%

50%

0%

43%

72%

0%

difference : Remote LFA enabled

Cisco Public

77

Coverage is not 100% §  It is not guaranteed to be 100% §  Perhaps LFA is enabled for one OSPF area only –  This excludes the other area’s –  This excludes all external prefixes

§  Perhaps LFA is only enabled for the high priority prefixes §  Remote LFA –  Some destinations can be behind routers without LDP enabled –  Targetted LDP session can be down –  Perhaps “mpls ldp discovery targeted-hello accept [from ]“ was forgotten

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

78

For Your Reference

Debug IP OSPF Fast-Reroute SPF Detail A major change in the network causes OSPF to run a full SPF and FRSPF OSPF-1 INTRA: Running SPF for area 0, SPF-type Full

Normal full SPF Adding router LSAs and building SPT Adding summaries, externals, etc.

OSPF-1 FRSPF: Scheduling IPFRR SPF, change 'X', area dummy area, instance 440 ... OSPF-1 FRSPF: Create list of candidate neighbors for intra SPF in area 0 OSPF-1 FRSPF: Adding neighbor 10.100.1.8 via Serial6/0 to SPF work queue OSPF-1 FRSPF: Adding neighbor 10.100.1.7 via Ethernet0/0 to SPF work queue ...

Start of FRSPF The neighbors of the calculating router for which rSPf will be run

OSPF-1 FRSPF: Intra-area calcualtion for neighbor 10.100.1.7 in area 0

rSPF for one neighbor

OSPF-1 FRSPF: Add router 10.100.1.7 to P-space via neighbor 10.100.1.7 OSPF-1 FRSPF: Adding first hop via 10.1.5.7 Ethernet0/0 ...

RmtLFA is enabled: extended P-space is built as well P legs are stored in the remote LFA tree

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

79

For Your Reference

Debug IP OSPF Fast-Reroute SPF Detail OSPF-1 FRSPF: Starting RmtLFA scan

Start RmtLFA scan

OSPF-1 FRSPF: Need RmtLFA tunnel for primary gateway 10.1.1.2 Serial2/0 in area 0 due to unprotected 10.1.7.0/24 ...

Neighbors for which there is at least one unprotected prefix: remote LFA will be checked (but not necessarily found) for these neighbors

OSPF-1 FRSPF: RmtLFA starting rSPF in area 0

Start rSPF for RmtLFA

OSPF-1 FRSPF: Intra-area reverse SPF calcualtion for neighbor 10.100.1.6 in area 0

Run rSPF for each of the next-hops, with the next-hop as root

OSPF-1 OSPF-1 20/30, OSPF-1

FRSPF: Found router 10.100.1.11 in Q-space of gateway 10.1.5.6 Eth0/0 FRSPF: protecting via 10.1.4.5 Serial5/0 with tunnel/total cost flags (Repair, IntfDj, BcastDj, SRLG, LC Dj) FRSPF: currently best known tunnel

Found Q leg Trying to match P legs and Q legs, resulting in PQ nodes

OSPF-1 FRSPF: Place tunnels in area 0

Tunnels are placed to PQ nodes

%LDP-5-NBRCHG: LDP Neighbor 10.100.1.13:0 (3) is UP

One or more Targetted LDP neighbors come up

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

80

ISIS - IOS

Configuration IOS - ISIS ISIS router config mode fast-reroute per-prefix {[all] | [route-map map-tag]}

N O T E S

BRKRST-3020

Supported route-map match commands match ip address match tag match interface match ip nexthop

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

82

Configuration IOS - ISIS Interface config mode isis fast-reroute protection disable

N O T E S

enables or disables the interface for protection

BRKRST-3020

isis fast-reroute candidate disable

N O T E S

© 2014 Cisco and/or its affiliates. All rights reserved.

disables using the interface for repair path

Cisco Public

83

Configuration IOS - ISIS Interface config mode isis fast-reroute exclude interface

N O T E S

BRKRST-3020

prevent an interface B from being selected as LFA for any destination whose primary next hop is via interface A (interface on which the command is configured)

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

84

Troubleshooting ISIS-IOS router#show isis fast-reroute summary Load for five secs: 2%/0%; one minute: 1%; five minutes: 1% Time source is hardware calendar, *09:38:52.670 UTC Mon Nov 25 2013 Tag one: IPv4 Fast-Reroute Protection Summary: Prefix Counts:

Total

Protected

Coverage

High priority:

0

0

0%

Normal priority:

16

12

75%

Total:

16

12

75%

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

85

Default Tie Breaking ISIS- IOS “show run all” shows all default commands

show run all | in tie-break fast-reroute tie-break level-1 linecard-disjoint 40 fast-reroute tie-break level-1 lowest-backup-path-metric 30 fast-reroute tie-break level-1 node-protecting 50 fast-reroute tie-break level-1 srlg-disjoint 10 fast-reroute tie-break level-1 primary-path 20 fast-reroute

BRKRST-3020

load-sharing level-1 disable

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

86

For Your Reference

Default Tie Breaking ISIS - IOS Tie-Breaker option

Description

Default values IOS ISIS

Comment

Srlg (SRLG)

Prefer LFA not sharing the same Share Link Group

10

Shared risk of links

primary-path (PrimPath)

Prefer primary over secondary path

20

Backup is member of ECMP set

lowest-backup-path-metric

Prefer lower metric

30

The metric of the backup node to D might be higher than metric of S to D

linecard-disjoint (LC Dj)

Prefer path using different linecard

40

Different linecard means also different interface, hence this is link protecting

node-protecting (NodeProt)

Prefer node protecting over link protecting

50

load-sharing (LoadShare)

Distribute remaining candidates among prefixes sharing the protected path

255

Downstream (Downstr)

Prefer node closer to D than S

-

Disabled by default

secondary-path

Prefer secondary over primary path

-

Disabled by default

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Not configurable. This is the catch-at-the-end policy

87

Troubleshooting ISIS-IOS router#show isis rib 10.1.100.7 255.255.255.255 IPv4 local RIB for IS-IS process one IPV4 unicast topology base (TID 0, TOPOID 0x0) ================= Repair path attributes: DS - Downstream, LC - Linecard-Disjoint, NP - Node-Protecting PP - Primary-Path, SR - SRLG-Disjoint

10.1.100.7/32 [115/L1/20] via 10.1.5.7(GigabitEthernet1/4), from 10.1.100.7, tag 0, LSP[6/17] (installed) repair path: 10.1.6.7(GigabitEthernet1/5) metric:20 (PP,DS,SR) LSP[6]

repair path attributes

[115/L1/20] via 10.1.6.7(GigabitEthernet1/5), from 10.1.100.7, tag 0, LSP[6/17] (installed) repair path: 10.1.5.7(GigabitEthernet1/4) metric:20 (PP,DS,SR) LSP[6]

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

88

Troubleshooting ISIS-IOS router#show isis fast-reroute interfaces Load for five secs: 0%/0%; one minute: 0%; five minutes: 0% Time source is hardware calendar, *10:00:36.834 UTC Mon Nov 25 2013

Tag one - Fast-Reroute Platform Support Information: GigabitEthernet1/9: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/5: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/4: Protectable: Yes. Usable for repair: Yes GigabitEthernet1/10: Protectable: Yes. Usable for repair: Yes

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

This CLI shows whether or not an interface is supported by the platform. An interface may still not be protected or usable for repair due to configuration setting

Cisco Public

89

Troubleshooting ISIS-IOS debug isis fast-reroute path-selection show isis fast-reroute remote-lfa tunnels

router#debug isis fast-reroute path-selection ? <1-199>

Access list of prefixes

<1300-2699>

Access list (expanded range)

level-1

Apply to Level 1

level-2

Apply to Level 2

terse

Minimal fast-reroute path selection debug

Limit output by using ACL when debugging fSPF runs 500 ms after SPF per-level

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

90

Troubleshooting ISIS-IOS router# 10:13:04.914: ISIS-SPF (one): L1 LSP 6 (0000.0000.0007.00-00) flagged for recalculation from 96EB874 10:13:06.914: ISIS-SPF (one): LSP 6 (0000.0000.0007.00-00) Type STD 10:13:06.914: ISIS-SPF (one): spf_result: next_hop_parents:0x14157A48 root_distance:10, parent_count:1, parent_index:1 db_on_paths:1 10:13:06.914: ISIS-SPF (one): Calculating routes for L1 LSP 6 (0000.0000.0007.00-00) 10:13:06.914: ISIS-SPF (one): lsptype:0, current_lsp(0000.0000.0007.00-00)(6) calling isis_walk_lsp

current_lsp:0x20CD10B8, lsp_fragment:0x20CD10B8

10:13:06.914: ISIS-SPF (one): Aging L1 LSP 6 (0000.0000.0007.00-00), version 20 10:13:06.914: ISIS-fSPF (one): SPF/PRC done.

Start frr timer. Level 1

10:13:07.114: ISIS-SPF (one): L1 LSP 1 (0000.0000.0003.00-00) flagged for recalculation from 96EB874

500 ms

10:13:07.414: ISIS-fSPF (one): FRR timer for level 1, mtid 0 expired

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

91

Troubleshooting ISIS-IOS router#show ip route repair-paths 10.1.100.2 Routing entry for 10.1.100.2/32 Known via "isis", distance 115, metric 20, type level-1 Redistributing via isis one Last update from 10.1.12.2 on GigabitEthernet1/9, 00:01:10 ago Routing Descriptor Blocks: * 10.1.12.2, from 10.1.100.2, 00:01:10 ago, via GigabitEthernet1/9 Route metric is 20, traffic share count is 1 Repair Path: 10.1.100.6, via MPLS-Remote-Lfa1 [RPR]10.1.100.6, from 10.1.100.2, 00:01:10 ago, via MPLS-Remote-Lfa1 Route metric is 40, traffic share count is 1

PQ router router#show isis fast-reroute remote-lfa tunnels Tag one - Fast-Reroute Remote-LFA Tunnels: MPLS-Remote-Lfa1: use Gi1/4, nexthop 10.1.5.7, end point 10.1.100.6

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

92

OSPF – IOS-XR

OSPF – IOS-XR What is Stored Extra? §  Per-link LFA: nothing §  Per-prefix LFA –  Per neighbor distance table • 

Distance from neighbor to all other routers in the area

• 

Distance to ASBRs (pocessing Type-4 LSAs)

§  IPFRR SPFs run 500 ms after regular SPF BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

94

Show Route RP/0/RP1/CPU0:MeltDown#show route Tue Nov 12 18:22:22.174 CET Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G

- DAGR

A - access/subscriber, a - Application route, (!) - FRR Backup path Gateway of last resort is 10.48.32.1 to network 0.0.0.0 O E2 1.1.1.1/32 [110/0] via 10.1.2.7, 00:08:34, GigabitEthernet0/0/4/0 (!) [110/20] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 O

10.1.8.0/24 [110/2] via 10.1.7.4, 00:31:10, GigabitEthernet0/0/4/2

O

10.1.9.0/24 [110/3] via 10.1.7.4, 00:08:34, GigabitEthernet0/0/4/2 [110/0] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 (!)

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

95

Configuration IOS-XR - OSPF OSPF interface config mode [no] fast-reroute {per-link|per-prefix} [no] fast-reroute per-prefix exclude interface {interface-name} [no] fast-reroute per-prefix lfa-candidate interface {interface-name} used for allowing TE tunnel (explicit-path) other interface types are by default on the lfa-candidate list

[no] fast-reroute per-prefix use-candidate-only

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

96

Configuration IOS-XR - OSPF OSPF router config mode [no] fast-reroute per-prefix load-sharing disable [no] fast-reroute per-prefix priority-limit [critical|high|medium] same or higher priority only will be calculated

[no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index [no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp [no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> [no] fast-reroute {per-prefix|per-link} use-candidate-only BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

97

Configuration IOS-XR - OSPF OSPF interface config mode [no] fast-reroute per-link lfa-candidate interface {interface-name} [no] fast-reroute per-link use-candidate-only

OSPF router config mode [no] fast-reroute per-prefix priority-limit [critical|high|medium] [no] fast-reroute per-link priority-limit [critical|high|medium]

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

98

LFA -Candidates IOS-XR - OSPF router ospf ldg

RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.2/32 backup-path detail

fast-reroute per-prefix fast-reroute per-prefix use-candidate-only enable

OSPF Route entry for 10.1.100.2/32

address-family ipv4 unicast

Route type:

area 0

Intra-area

Last updated: Jan

mpls traffic-eng

Area: 0.0.0.0,

interface Loopback0

SPF priority: 4,

network point-to-point

RIB version: 0,

!

6 13:05:44.837

Metric: 3 SPF version: 42 Source: Unknown

10.1.2.7, from 10.1.100.2, via GigabitEthernet0/0/4/0, path-id 1

interface tunnel-te3

Backup path:

cost 3

10.1.100.2, from 10.1.100.2, via tunnel-te3, protected bitmap 0x1

!

Attribues: Metric: 4, Downstream, Node Protect, SRLG Disjoint

interface GigabitEthernet0/0/4/0 network point-to-point fast-reroute per-prefix lfa-candidate interface tunnel-te3 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

99

For Your Reference

Default Tie Breaking OSPF – IOS-XR

0 = not considered Tie-Breaker option

Description

node-protecting

Default values IOS-XR OSPF 40

lc-disjoint

Prefer path using different linecard

30

lowest-backup-metric

Prefer lower metric

20

primary-path

Prefer primary over secondary path

10

Downstream

Prefer node closer to D than S

0

SRLG-disjoint

Prefer LFA not sharing the same Share Link Group

0

secondary-path

Prefer secondary over primary path

0

load-sharing (LoadShare)

Distribute remaining candidates among prefixes sharing theand/or protected © 2014 Cisco its affiliates. path All rights reserved.

BRKRST-3020

Comment

255 Cisco Public

Different linecard means also different interface, hence this is link protecting

Prefer primary over secondary path

Can be disabled 100

Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show ospf … IPFRR per-prefix tiebreakers: Name

Index

No Tunnel (Implicit) Node Protection

255 40

Line-card Disjoint

30

Lowest Metric

20

Primary Path

10

Downstream

0

Secondary Path

0

SRLG Disjoint

0

Default or configured tie breakers

… Area BACKBONE(0) Number of interfaces in this area is 4 SPF algorithm executed 24 times Number of LSA 12.

Checksum Sum 0x045507

… Flood list length 0 Number of LFA enabled interfaces 3, LFA revision 29 Number of Per Prefix LFA enabled interfaces 3 Number of neighbors forming in staggered mode 0, 2 full … BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

101

Per-link LFA RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.7/32 backup-path O

10.1.100.7/32, metric 2 area 0.0.0.0 10.1.2.7, from 10.1.100.7, via GigabitEthernet0/0/4/0, path-id 1 Backup path: 10.1.11.3, from 10.1.100.7, via GigabitEthernet0/0/4/3, protected bitmap 0x3 Attribues: Metric: 0,

RP/0/RP1/CPU0:MeltDown#show cef 10.1.100.7/32 10.1.100.7/32, version 315068, internal 0x4004001 (ptr 0x9da3fa88) [1], 0x0 (0x9d482838), 0x450 (0x9e31e1d0) Updated Nov 12 15:37:48.304 remote adjacency to GigabitEthernet0/0/4/0 Prefix Len 32, traffic index 0, precedence n/a, priority 3 via 10.1.2.7, GigabitEthernet0/0/4/0, 6 dependencies, weight 0, class 0, protected [flags 0x400] path-idx 0 bkup-idx 2 NHID 0x0 [0x9e18c554 0x9e18c880] next hop 10.1.2.7 local label 16005

labels imposed {ImplNull}

via 10.1.11.3, GigabitEthernet0/0/4/3, 6 dependencies, weight 0, class 0, backup [flags 0x300] path-idx 2 NHID 0x0 [0x9d772184 0x0] next hop 10.1.11.3 remote adjacency local label 16005 BRKRST-3020

labels imposed {30} © 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

102

Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6/32 detail Routing entry for 10.1.100.6/32 Known via "ospf 1", distance 110, metric 3, type intra area Routing Descriptor Blocks 10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, Backup Route metric is 0 Label: None Tunnel ID: None Extended communities count: 0 Path id:33

Path ref count:1

NHID:0x0(Ref:0) 10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, Protected Route metric is 3 Label: None Tunnel ID: None Extended communities count: 0 Path id:1

Path ref count:0

NHID:0x0(Ref:0) Backup path id:33 Route version is 0xa6 (166) Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (6) SVD Type RIB_SVD_TYPE_LOCAL BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

103

Troubleshooting OSPF-IOS-XR RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 detail OSPF Route entry for 10.1.100.6/32 Route type:

Intra-area

Last updated: Nov 12 15:12:21.852 Area: 0.0.0.0, Metric: 3 SPF priority: 4, RIB version: 0,

SPF version: 40043 Source: Unknown

10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2

RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 backup-path Codes: O - Intra area, O IA - Inter area O E1 - External type 1, O E2 - External type 2 O N1 - NSSA external type 1, O N2 - NSSA external type 2 O

10.1.100.6/32, metric 3 area 0.0.0.0 10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, path-id 1 Backup path: 10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, protected bitmap 0x1 Attribues: Metric: 2, Downstream, Node Protect, SRLG Disjoint

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

104

Troubleshooting OSPF-IOS-XR

RP/0/RP1/CPU0:MeltDown#show ospf statistics fast-reroute ospf_show_stats_ipfrr OSPF 1 IPFRR Statistics: Number of paths:

16

Number of paths enabled for protection :

16 (100%)

Number of paths protected:

13 (81%)

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

105

Per Neighbor Distance Table RP/0/RP1/CPU0:MeltDown#show ospf 1 fast-reroute topology 10.1.100.7

Neighbor topology

OSPF Router with ID (10.1.100.1) (Process ID 1) IPFRR Topology for Node 10.1.100.7, Area 0 , LFA revision 42 Node-ID

Distance

Type

Revision

10.1.100.1

1

1

42

10.1.100.2

1

1

42

10.1.100.3

1

1

42

10.1.100.4

2

1

42

10.1.100.5

4

4

42

10.1.100.6

3

1

42

10.1.100.7

0

1

42

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

is not stored for per-link LFA

ASBR

Cisco Public

106

Remote Backup RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6 Routing entry for 10.1.100.6/32 Known via "isis one", distance 115, metric 20, type level-1 Installed Dec 3 08:29:26.036 for 04:29:19 Routing Descriptor Blocks 10.1.7.4, from 10.1.100.6, via GigabitEthernet0/0/4/2, Protected Route metric is 20 10.1.11.3, from 10.1.100.6, via GigabitEthernet0/0/4/3, Backup (remote) Remote LFA is 10.1.100.5 Route metric is 0 No advertising protos.

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

107

Remote Backup RP/0/RP1/CPU0:MeltDown# show mpls ldp forwarding fast-reroute Codes: - = GR label recovering, (!) = LFA FRR pure backup path {} = Label stack with multi-line output for a routing path G = GR, S = Stale, R = Remote LFA FRR backup Prefix

Label

Label(s)

Outgoing

In

Out

Interface

Next Hop

Flags G S R

---------------- ------- -------------- ------------ ------------------- ----10.1.100.2/32 10.1.100.6/32

16001 16004

16001

Gi0/0/4/1

10.1.1.7

27

Gi0/0/4/3

10.1.11.3

37

Gi0/0/4/2

10.1.7.4

{ 29

Gi0/0/4/3

10.1.11.3

16007 }

(!)

(!)

R

MPLS tunnel to 10.1.100.5

(10.1.100.5)

mpls ldp discovery targeted-hello accept BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

108

Debugging IPFRR in OSPF debug ospf trace detail ipfrr

very chatty! redirect output to file

show ospf trace all | in ipfrr

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

109

ISIS – IOS-XR

Configuration IOS-XR - ISIS ISIS interface config mode [no] fast-reroute {per-link|per-prefix} [no] fast-reroute per-prefix exclude interface {interface-name} [no] fast-reroute per-prefix lfa-candidate interface {interface-name} [no] fast-reroute per-prefix level {1-2}

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

used for allowing TE tunnel (explicitpath)

Cisco Public

111

Configuration IOS-XR - ISIS ISIS router config mode [no] fast-reroute per-prefix load-sharing disable [no] fast-reroute per-prefix priority-limit [critical|high|medium] same or higher priority only will be calculated

[no] fast-reroute per-prefix use-candidate-only [no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index [no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp [no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295> BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

112

Configuration IOS-XR - ISIS ISIS interface config mode [no] fast-reroute per-link lfa-candidate interface {interface-name} [no] fast-reroute per-link exclude {interface-name} [no] fast-reroute per-link level {1-2}

ISIS router config mode [no] fast-reroute per-link priority-limit [critical|high|medium] [no] fast-reroute per-link use-candidate-only BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

113

Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show route isis i L1 10.1.100.2/32 [115/30] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3 [115/0] via 10.1.2.7, 17:00:42, GigabitEthernet0/0/4/0 (!)

(!) - FRR Backup path

i L1 10.1.100.3/32 [115/10] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3 [115/0] via 10.1.2.7, 17:00:42, GigabitEthernet0/0/4/0 (!)

(!) - FRR Backup path

RP/0/RP1/CPU0:MeltDown# show route 10.1.100.3 Routing entry for 10.1.100.3/32 Known via "isis one", distance 115, metric 10, type level-1 Routing Descriptor Blocks 10.1.2.7, from 10.1.100.3, via GigabitEthernet0/0/4/0, Backup Route metric is 0 10.1.11.3, from 10.1.100.3, via GigabitEthernet0/0/4/3, Protected Route metric is 10 No advertising protos.

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

114

Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute detail 10.1.100.7/32 IS-IS one IPv4 Unicast FRR backups Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1) df - level 1 default (closest attached router), su - summary null C - connected, S - static, R - RIP, B - BGP, O - OSPF E - EIGRP, A - access/subscriber i - IS-IS (redistributed from another instance) D - Downstream, LC - Line card disjoint, NP - Node protecting P - Primary path, SRLG - SRLG disjoint, TM - Total metric via backup L1 10.1.100.7/32 [20/115] medium priority via 10.1.2.7, GigabitEthernet0/0/4/0, replanet No FRR backup via 10.1.1.7, GigabitEthernet0/0/4/1, replanet FRR backup via 10.1.2.7, GigabitEthernet0/0/4/0, replanet P: Yes, TM: 20, LC: No, NP: No, D: Yes, SRLG: No src replanet.00-00, 10.1.100.7 L2 adv [20] native, propagated BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

115

Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute 10.1.100.6/32 detail Tue Dec

3 08:32:32.245 CET

L1 10.1.100.6/32 [20/115] medium priority via 10.1.7.4, GigabitEthernet0/0/4/2, stalin Remote FRR backup via abigor [10.1.100.5], via 10.1.11.3, GigabitEthernet0/0/4/3 kechance P: No, TM: 30, LC: No, NP: No, D: No, SRLG: Yes src burke.00-00, 10.1.100.6

Remote FRR Backup path Targetted LDP session to this LDP router

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

116

Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#show isis fast-reroute summary IS-IS one IPv4 Unicast FRR summary Critical

High

Medium

Low

Priority

Priority

Priority

Priority

Total

All paths protected

0

0

4

10

14

Some paths protected

0

0

0

0

0

Unprotected

0

0

2

2

4

Protection coverage

0.00%

0.00%

66.67%

83.33%

77.78%

Prefixes reachable in L1

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

117

Troubleshooting ISIS-IOS-XR RP/0/RP1/CPU0:MeltDown#debug isis spf frr ? A.B.C.D/length

IPv4 Network to filter debug output on

X:X::X/length

IPv6 Network to filter debug output on

detail

Detail operation of the algorithm on each node

internal

Show internal IS-IS debug(cisco-support)

level

Filter IS-IS debug by level

lsp-id

Filter IS-IS debug by LSP ID

prefix-list

Filter IS-IS debug by prefix list

summary

Overview of route calculation events without detailing results

thread

Filter IS-IS debug by thread(cisco-support)

topology

Filter IS-IS debug by topology

tracepoint

Filter by Tracepoint ID(cisco-support)

verbose

Detail each prefix

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

118

For Your Reference

Default Tie Breaking ISIS – IOS-XR Tie-Breaker option

Description

Default values IOS-XR ISIS

Comment

primary-path (PrimPath)

Prefer primary over secondary path

10

Backup is member of ECMP set

lowest-backup-path-metric

Prefer lower metric

20

The metric of the backup node to D might be higher than metric of S to D

linecard-disjoint (LC Dj)

Prefer path using different linecard

30

Different linecard means also different interface, hence this is link protecting

node-protecting (NodeProt)

Prefer node protecting over link protecting

40

load-sharing (LoadShare)

Distribute remaining candidates among prefixes sharing the protected path

255

Srlg (SRLG)

Prefer LFA not sharing the same Share Link Group

-

Disabled by default

Downstream (Downstr)

Prefer node closer to D than S

-

Disabled by default

secondary-path

Prefer secondary over primary path

-

Disabled by default

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Not configurable. This is the catch-at-the-end policy

119

Configuration Microloop Avoidance Microloop avoidance turned on for rLFA protected prefixes by default!

Both OSPF & ISIS

OSPF router/ISIS router AF config mode

Both IOS & IOS-XR

[no] microloop avoidance [protected] Only for routes which have repair paths. It is recommended to have this keyword when microloop avoidance is enabled manually (i.e. when router does not have the Remote LFA enabled)

[no] microloop avoidance rib-update-delay Delay in milliseconds; default is 5 seconds

debug isis microloop-avoidance [ level-1 | level-2] BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

120

Deployment §  A mix of routers with difference in speed, leads to slower/faster reaction to network events –  Can lead to micro-loops

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

121

EIGRP §  Only Per-Prefix LFA §  EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the successor and feasible successors §  Uses existing Feasible Successors for repair paths, so no additional computational load §  New: repair route is ready §  Automatically enabled on all interfaces covered by the protocol §  Repair paths can be equal or unequal cost (though variance command) §  Coverage is not necessarily 100% §  Design the network to have Feasible Successors metric calculation (BW and delay only) ⎡ ⎤ 10 7 metric = ⎢ + ∑ delays ⎥ * 256 ⎣ min (bandwidth ) ⎦ BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

122

EIGRP kechance#show ip eigrp topology 10.1.100.1 255.255.255.255

EIGRP-IPv4 VR(one) Topology Entry for AS(1)/ID(10.1.100.3) for 10.1.100.1/32 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1376256, RIB is 10752 Descriptor Blocks: 10.1.11.1 (GigabitEthernet1/10), from 10.1.11.1, Send flag is 0x0 Composite metric is (1376256/131072), route is Internal

Feasibility Condition (loopfree) = Reported Distance (RD) by neighbor is lower than Feasible Distance (FD)

Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 11000000 picoseconds Reliability is 255/255 Load is 1/255

successor

Minimum MTU is 1500 Hop count is 1 Originating router is 10.1.100.1 10.1.5.7 (GigabitEthernet1/4), from 10.1.5.7, Send flag is 0x0 Composite metric is (1376583/131399), route is Internal Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 11005000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1000

feasible successor

Hop count is 2

+ repair path

Originating router is 10.1.100.1

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

123

Configuration IOS - EIGRP EIGRP router config mode [no] fast-reroute load-sharing disable [no] fast-reroute per-prefix {all|route-map} [no] fast-reroute per-prefix tiebreak {lowest-backup-path-metric|interfacedisjoint|linecard-disjoint |srlg-disjoint} router eigrp one ! address-family ipv4 unicast autonomous-system 1 ! topology base fast-reroute per-prefix all exit-af-topology network 10.0.0.0 BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

124

Troubleshooting IOS - EIGRP debug eigrp frr show ip eigrp topology frr router#show ip eigrp topology frr EIGRP-IPv4 VR(one) Topology Table for AS(1)/ID(10.1.100.3) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 10.1.100.1/32, 1 successors, FD is 1376256 via 10.1.11.1 (1376256/131072), GigabitEthernet1/10 via 10.1.5.7 (1376583/131399), GigabitEthernet1/4, [LFA]

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

125

For Your Reference

Default Tie Breaking EIGRP– IOS

Tie-Breaker option

Description

Default values IOS OSPF

Comment Shared risk of links

srlg (SRLG)

Prefer LFA not sharing the same Share Link Group

10

interface-disjoint (IntfDj)

Prefer path over other interface than protected one

20

lowest-backup-path-metric

Prefer lower metric

30

The metric of the backup node to D might be higher than metric of S to D

linecard-disjoint (LC Dj)

Prefer path using different linecard

40

Different linecard means also different interface, hence this is link protecting

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

126

Troubleshooting Roundup §  LFA coverage is not always 100% –  Perhaps LFA is only enabled for one OSPF area only

§  LFA is by default only for the high priority prefixes §  Remote LFA coverage is not always 100% –  –  –  – 

Some destinations can be behind routers without LDP enabled Targetted LDP session can be down Perhaps “mpls ldp discovery targeted-hello accept [from ]“ was forgotten Perhaps LFA is not enabled for external prefixes

§  Check coverage with fast-reroute summary commands §  Enable “fast-reroute keep-all-paths” in IOS in order to easily compare the path attributes §  Use show commands (IOS or IOS-XR equivalent commands) –  –  –  –  – 

show ip route show ip route repair show ip ospf rib Show ip cef check CEF table for backup path and MPLS labels

§  Use debug commands BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

127

Conclusion

Conclusion §  It’s simple –  Simple CLI, simple functionality

§  It’s fast §  It’s rich –  Link, node, SRLG protection

§  Deployment friendly –  No protocol change, local to one router, incremental deployment

§  Good scaling §  Remote LFA to the rescue for difficult topologies –  For example: ring topologies

§  Topology dependant –  Might not be providing 100% coverage BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

129

Call to Action… Visit the World of Solutions:§  Cisco Campus §  Walk-in Labs §  Technical Solutions Clinics §  Meet the Engineer

§  Lunch Time Table Topics, held in the main Catering Hall §  Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014 Presentation_ID

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

130

Complete Your Online Session Evaluation §  Complete your online session evaluation §  Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt

Presentation_ID

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

131

Availability – IPv4 OSPFv2 Per Link LFA

7600 (IOS)

ASR1K (IOSXE)

-

-

ASR901 ASR903 ISR4451--X ME3600 (IOS-XE)

ME3800 CSR1000v

ISIS Per Link LFA OSPFv2 LFA (per prefix)

ASR9K (IOSXR)

CRS1 (IOSXR)

12K (IOS-XR)

4.0.1

3.9.0

4.0.1

4.0.1

3.5.0

4.0.1

15.1(3)S

3.4.0S

3.6.0S

3.8.0S

4.2.0

4.2.0

4.2.0

ISIS LFA (per 15.1(2)S prefix)

3.4.0S

3.6.0S

3.8.0S

4.0.1

4.0.1

4.0.1

5.1.0

4.3.1?

5.1.0

4.3.1?

EIGRP LFA (per prefix)

15.2(4)S

OSPFv2 Remote LFA

15.2(2)S

15.2(2)SNI

15.3(2)S

15.3(2)S

ISIS Remote LFA

15.2(2)S

15.2(2)SNI

15.3(2)S

15.3(2)S

ISIS LFA (per prefix) VPLS 15.1(2)S1 Core BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

3.9.0aS

Cisco Public

133

Availability – IPv6 7600 (IOS) ASR1K (IOS-XE) ASR9K (IOS-XR) Per Link LFA

-

-

CRS1 (IOS-XR)

4.3.1

4.3.1

OSPFv3 LFA (per prefix)

4.3.1

4.3.1

ISIS LFA (per prefix)

4.3.1

4.3.1

EIGRP LFA (per prefix) OSPFv3 Remote LFA ISIS Remote LFA

BRKRST-3020

© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Public

134