Configure Loop-Free Alternate Path with OSPFv2
Available Languages
Contents
Introduction
This document describes how Loop-Free Alternate (LFA) mechanism provides fast reroute of traffic in network. It also discusses two types of LFA protection- Link protection and Node protection and their applicability in order to provide minimum disruption to services because of a link or node failure.
Prerequisites
Requirements
Cisco recommends that you have knowledge of Open Shortest Path First (OSPFv2).
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Background Information
When a link or node failure occurs in a routed network, there is inevitably a period of disruption to the delivery of traffic until the routing protocol re-converges on the new topology. In modern day world, applications are very sensitive to any traffic loss and hence traffic disruption caused due to convergence of link-state protocols like OSPF and Intermediate System - Intermediate System (ISIS) can affect services in a negative manner.
Traditionally, link state protocols despite of having full view of the database, never calculated a backup route. LFA aims to calculate a backup route that can be used to route traffic, in case of a failure of a directly connected link or node on primary path. LFA calculates a backup next-hop for every primary next-hop and accordingly programs Cisco Express Forwarding (CEF) table as well.
Conditions for LFA
There is a set of pre-defined conditions that have to be met for LFA in order to successfully provide a backup route against link or node protection. The table here defines the terminology that can be used to explain these conditions or inequalities.
Inequality One
D(N,D) < D(N,S) + D(S,D) // Link Protection.
If this condition holds true, then it ensures that the neighbor N (backup next-hop router under investigation) is able to provide a LFA path for protection against link-failure. This condition ensures that in the event of primary link failure, traffic sent in order to backup the next hop N is not sent back to S, as shown in the image.
These links have been marked with their respective OSPF costs. Primary OSPF path from source S to destination D would be S > E > D. These OSPF cost values satisfy this inequality, hence node N provides a minimum of Link Protection.
15 < 5 + 15 ------> Inequality holds true
Inequality Two
D(N,D) < D(S,D) // Downstream Path
If this condition holds true, it ensures that neighbor N (potential backup next-hop router) is a downstream router and is closer to the destination router than local router S.
As shown here, Inequality two does not hold true for OSPF cost values as described in diagram 1. Hence, backup next hop router N is not a downstream neighbor.
15 < 15 ------> Inequality holds false
Inequality Three
D(N,D) < D(N,E) + D(E,D) // Node Protection
If this condition is met, neighbor N is successfully able to provide node protection in the event primary next hop router E fails. This condition ensures that LFA path cannot use E to deliver traffic to destination router D. This is in line with definition of loop-free node-protection as shown in the image.
Again, primary path for S to reach D is S > E > D with a cost of 15. Now, if the primary next hop to E fails, alternate path must be such that traffic does not flow via failed node E, otherwise there is traffic loss. These cost values successfully satisfy this inequality, therefore N is able to provide node protection against node E's failure.
25 < 20 + 10 ------> Inequality holds true
LFA Route Selection Criteria
Here are the backup prefix selection criteria with their preference in decreasing order. In the event of two backup routes available for a protected primary prefix, only one is selected based on these mentioned ordered list of attributes they carry. Here is a brief explanation about these attributes.
Repair path selection policy tiebreaks (built-in default policy).
- 10 srlg
- 20 primary-path
- 30 interface-disjoint
- 40 lowest-metric
- 50 linecard-disjoint
- 60 node-protecting
- 70 broadcast-interface-disjoint
- 256 load-sharing
- Shared Risk Link Group (SRLG): Default LFA policy tries to avoid a path that carries same SRLG as primary path. Assume multiple routers use the same switch, so they all be sharing the same risk.
- Primary-path: This helps to eliminate candidates that are not equal cost multiple path links or ECMPs.
- Interface-Disjoint: This means that repair path is over a different interface as compared to the interface used to reach destination via primary path. In case of point-to-point links, this condition is always met.
- Lowest-metric: Select a backup path with minimum cost to reach destination.
- Linecard-disjoint: This prefers a backup route from an interface that is on another line card. This is also a special case of SRLG however; this does not require any special configuration and is handled automatically.
- Node-protecting: Repair path all together bypasses primary path next-hop router. This ensures complete traffic protection even in the event of primary next-hop router failure.
- Broadcast-interface-disjoint : This attributes helps to ensure that repair path does not make use of same broadcast network used by primary path.
- Load-sharing: Traffic is load shared amongst candidate back up routes when all other checks discussed above fail to provide a unique back up path.
Configure
Network Diagram
Configurations
R1
!
interface Loopback1
ip address 10.1.1.1 255.255.255.255
!
router ospf 1
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute keep-all-paths
network 10.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
network 10.10.13.1 0.0.0.0 area 0
network 10.10.14.1 0.0.0.0 area 0
!
R2
!
interface Loopback1
ip address 10.2.2.2 255.255.255.255
end
!
router ospf 1
network 10.2.2.2 0.0.0.0 area 0
network 10.10.12.2 0.0.0.0 area 0
network 10.10.23.2 0.0.0.0 area 0
network 10.10.24.2 0.0.0.0 area 0
!
R3
!
interface Loopback1
ip address 10.3.3.3 255.255.255.255
!
router ospf 1
network 10.3.3.3 0.0.0.0 area 0
network 10.10.13.3 0.0.0.0 area 0
network 10.10.23.3 0.0.0.0 area 0
network 10.10.34.3 0.0.0.0 area 0
!
R4
!
interface Loopback1
ip address 10.4.4.4 255.255.255.255
!
router ospf 1
network 10.4.4.4 0.0.0.0 area 0
network 10.10.14.4 0.0.0.0 area 0
network 10.10.24.4 0.0.0.0 area 0
network 10.10.34.4 0.0.0.0 area 0
!
Verify
Use this section in order to confirm that your configuration works properly.
Case 1. Link Protection
Consider this case discussing link-protection for end destination prefix 10.4.4.4/32, i.e. interface loopback 0 of R4.
Primary path is R1 > R4 as shown in the image.
These mentioned cost values in table when put in Inequality 1 as shown here for R2 and R3, it is observed that only R2 is able to satisfy the condition.
D(N,D) < D(N,S) + D(S,D) // Link Protection.
For R2:
10 < 10 + 10 ------> Inequality Passed
For R3:
20 < 10 + 10 ------> Inequality Failed
This ensures that R2 can provide an LFA in the event of failure of primary link between R1 and R4. Since R3 does not satisfy given inequality, it fails to provide an LFA path.
R1#show ip route 10.4.4.4
Routing entry for 10.4.4.4/32
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 10.10.14.4 on Ethernet1/0, 01:08:00 ago
Routing Descriptor Blocks:
* 10.10.14.4, from 10.4.4.4, 01:08:00 ago, via Ethernet1/0
Route metric is 11, traffic share count is 1
Repair Path: 10.10.12.2, via Ethernet0/0
R1#show ip ospf rib 10.4.4.4
OSPF Router with ID (10.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator
*> 10.4.4.4/32, Intra, cost 11, area 0
SPF Instance 12, age 01:01:00
Flags: RIB, HiPrio
via 10.10.14.4, Ethernet1/0
Flags: RIB
LSA: 1/10.4.4.4/10.4.4.4
repair path via 10.10.12.2, Ethernet0/0, cost 21
Flags: RIB, Repair, IntfDj, BcastDj, LC Dj
LSA: 1/10.4.4.4/10.4.4.4
There are several flags seen in the output and they carry important meaning as explained here.
- HiPrio: By default OSPF treats all loopback or /32 prefixes as high priority prefixes. However priority for these prefixes can be manually defined with this command. Higher priority prefixes in OSPF are calculated and programmed slightly earlier than lower priority ones however difference in time is very less.
R1(config-router)#fast-reroute per-prefix enable area 0 prefix-priority ?
high High priority prefixes
low Low priority prefixes
- IntfDj: This shows that repair path used a different interface (Eth0/0) as compared to primary path (Eth1/0).
- BcastDj: This shows that repair path used a different broadcast interface (Eth0/0) as compared to primary path (Eth1/0).
- LC Dj: This flag shows that repair path used a different linecard (Eth0/0, module 0) as compared to primary path (Eth1/0, module 1).
Case 2. Node Protection
Consider this case discussing node-protection for end destination prefix 10.3.3.3/32, i.e. interface loopback 0 of R3.
Primary path is R1 > R4 > R3 as shown in the image.
The mentioned cost values in table satisfy inequality number 3 as shown below for R2.
D(N,D) < D(N,E) + D(E,D) // Node
10 < 10 + 15 ------> Inequality Passed
The required condition for a router to provide node protection is met, hence R2 is able to provide node protection in the event of primary next hop R4 fails.
R1#show ip route 10.3.3.3
Routing entry for 10.3.3.3/32
Known via "ospf 1", distance 110, metric 31, type intra area
Last update from 10.10.14.4 on Ethernet1/0, 00:08:24 ago
Routing Descriptor Blocks:
* 10.10.14.4, from 10.3.3.3, 00:08:24 ago, via Ethernet1/0
Route metric is 31, traffic share count is 1
Repair Path: 10.10.12.2, via Ethernet0/0
R1#show ip route repair-paths 10.3.3.3
Routing entry for 10.3.3.3/32
Known via "ospf 1", distance 110, metric 31, type intra area
Last update from 10.10.14.4 on Ethernet1/0, 01:14:49 ago
Routing Descriptor Blocks:
* 10.10.14.4, from 10.3.3.3, 01:14:49 ago, via Ethernet1/0
Route metric is 31, traffic share count is 1
Repair Path: 10.10.12.2, via Ethernet0/0
[RPR]10.10.12.2, from 10.3.3.3, 01:14:49 ago, via Ethernet0/0
Route metric is 41, traffic share count is 1
R1#show ip ospf rib 10.3.3.3
OSPF Router with ID (10.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator
*> 10.3.3.3/32, Intra, cost 31, area 0
SPF Instance 27, age 00:08:49
Flags: RIB, HiPrio
via 10.10.14.4, Ethernet1/0
Flags: RIB
LSA: 1/10.3.3.3/10.3.3.3
repair path via 10.10.12.2, Ethernet0/0, cost 41
Flags: RIB, Repair, IntfDj, BcastDj, LC Dj, NodeProt, Downstr // Node Protect
LSA: 1/10.3.3.3/10.3.3.3
There are two new flags seen in these output and are explained here:
- NodeProt: This flag shows that R2 provides node protection against failure of primary next hop R4.
- Downstr: This flag shows that R2 is closer to destination than local router R1.
Case 3. Modify Inbuilt Policy
It is also possible to modify default in-built policy and the order in which various attributes are considered when you select a backup next-hop router. This order can be changed with the command fast-reroute per-prefix tie-break <attribute> index <n>.
The example creates a new policy with only lowest-metric and srlg.
!
router ospf 1
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix tie-break lowest-metric index 10
fast-reroute per-prefix tie-break srlg index 20
fast-reroute keep-all-paths
network 10.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
network 10.10.13.1 0.0.0.0 area 0
network 10.10.14.1 0.0.0.0 area 0
!
interface Ethernet0/1
srlg gid 10 // srlg group 10
ip address 10.10.13.1 255.255.255.0
ip ospf cost 10
!
interface Ethernet1/0
srlg gid 10 // srlg group 10
ip address 10.10.14.1 255.255.255.0
ip ospf cost 20
!
Doing so, all other attributes of default policy gets removed and the only attributes that are used are lowest-metric, srlg and load-sharing which is always present by default.
R1#show ip ospf fast-reroute
OSPF Router with ID (10.1.1.1) (Process ID 1)
Loop-free Fast Reroute protected prefixes:
Area Topology name Priority Remote LFA Enabled
0 Base High No
Repair path selection policy tiebreaks:
10 lowest-metric
20 srlg
256 load-sharing
The topology and configured OSPF cost values that help understand the behavior of customized policy is as shown in the image.
R1#show ip ospf rib 10.3.3.3
OSPF Router with ID (10.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator
*> 10.3.3.3/32, Intra, cost 11, area 0
SPF Instance 65, age 00:07:55
Flags: RIB, HiPrio
via 10.10.13.3, Ethernet0/1
Flags: RIB
LSA: 1/10.3.3.3/10.3.3.3
repair path via 10.10.14.4, Ethernet1/0, cost 41
Flags: RIB, Repair, IntfDj, BcastDj, SRLG, LC Dj, CostWon // Better cost
LSA: 1/10.3.3.3/10.3.3.3
repair path via 10.10.12.2, Ethernet0/0, cost 51
Flags: Ignore, Repair, IntfDj, BcastDj // Ignored
LSA: 1/10.3.3.3/10.3.3.3
These output shows that primary path to reach 10.3.3.3/3.2, R3’s loopback 0 is via Eth0/1. Other than this there are two nodes R2 and R4 that both provide link protection. Link R1-R4 has been put in same SRLG as primary link R1-R3. As per default policy, R4 must not be chosen as backup next hop on grounds of SRLG. However, above defined policy gives preference to metric over SRLG. Therefore, since cost to reach 10.3.3.3/32 is lower via R4, hence it is chosen as backup path in spite of same SRLG.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)