This document describes how the Remote Loop-Free Alternate (LFA) mechanism provides fast reroute of traffic in a Multiprotocol Label Switching (MPLS) enabled network.
Remote LFA provides a mechanism where, if a direct LFA path is not available, traffic can be tunneled to a remote node that can still deliver it to the end destination within a 50 millisecond turnaround time.
Cisco recommends that you have knowledge of:
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
In today's fast-paced networks, any disruption to the network, even for a few seconds, can hamper sensitive applications. If a node or link fails along the primary path, packets can be dropped until routing protocols like OSPF, Intermediate System-to-Intermediate System (ISIS), and Enhanced Interior Gateway Routing Protocol (EIGRP) converge. Link-state protocols like OSPF and ISIS have no mechanism like EIGRP's to proactively pre-compute a backup route that can be used if the primary route fails.
Directly connected LFA and remote LFA are two mechanisms used in conjunction with OSPF and ISIS to keep a backup route/path in place. This backup path is used when the primary route fails, and only until OSPF or ISIS re-converges. This helps to deliver packets to the destination while OSPF or ISIS converges, as shown in the image.
The links are marked with their respective OSPF costs. Cost to reach 10.6.6.6 from R1 is 21 and its primary path is R1 > R5 > R6.
R1 > R5 > R6 > Loopback0 // OSPF cost 21
When R2 is checked against the direct LFA inequalities, it does not pass them and hence fails to provide a direct LFA path for 10.6.6.6:
D(N,D) < D(N,S) + D(S,D) // Link Protection
41 < 10 + 21 // Inequality fails
Since R2 does not pass the basic condition needed in order to provide direct LFA path, R2 cannot serve as a backup path in the event of failure of R1-R5 link.
For more details on direct LFA, refer .
However, if traffic from R1 can be tunneled to R3 during an R1-R5 failure, an alternate backup path can be achieved. This mechanism of tunneling packets to a remote node that can provide an LFA path is called remote LFA. Packets tunneled to R3 are forwarded on to R6 without obstruction, because the failed link R1-R5 is not on R3's primary path to 10.6.6.6, as shown in the image.
The tunnel built is an MPLS LDP tunnel, so LDP must be enabled in the environment. Direct LFA is a prerequisite for running remote LFA; otherwise the LDP tunnel does not come up.
There are a few terms used with remote LFA, and these are explained here.
All prefixes are first checked against direct LFA path availability for protection. Prefixes that do not have a direct LFA protection are considered for remote LFA protection.
Commands to enable directly connected LFA:
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute keep-all-paths
Command to enable remote LFA:
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
R1
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.12.1 255.255.255.0
mpls ip
!
interface Ethernet0/1
no ip address
!
interface Ethernet0/2
ip address 10.0.15.1 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
R2
interface Loopback0
ip address 10.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.12.2 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 10.0.23.2 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
R3
interface Loopback0
ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.34.3 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 10.0.23.3 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
R4
interface Loopback0
ip address 10.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.34.4 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 10.0.45.4 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
R5
interface Loopback0
ip address 10.5.5.5 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.56.5 255.255.255.0
!
interface Ethernet0/1
ip address 10.0.45.5 255.255.255.0
mpls ip
!
interface Ethernet0/2
ip address 10.0.15.5 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
R6
interface Loopback0
ip address 10.6.6.6 255.255.255.0
!
interface Ethernet0/0
ip address 10.0.56.6 255.255.255.0
mpls ip
router ospf 100
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute keep-all-paths
network 10.0.0.0 0.255.255.255 area 0
Remote LFA computations are done on a per-primary-next-hop basis. If several prefixes share the same primary next hop, all of them share the same LFA tunnel and PQ node (release node). Here, the remote LFA computation resulted in the selection of R3 as the PQ or release node, as shown in the image.
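The PQ-node selection described above can be reproduced with two shortest-path runs: one from the protecting router and one from its primary next hop. This is an added example, not Cisco's implementation or code from this document; it assumes every link in the lab ring has a symmetric OSPF cost of 10 (the real costs are in the figure, which is not reproduced in the text), and the function names are hypothetical.

```python
import heapq

# Assumption: symmetric cost 10 on every link (the figure with the real costs
# is not available in the text). R1..R5 form a ring; R6 hangs off R5.
LINKS = {("R1", "R2"): 10, ("R2", "R3"): 10, ("R3", "R4"): 10,
         ("R4", "R5"): 10, ("R1", "R5"): 10, ("R5", "R6"): 10}

def build_graph(links):
    g = {}
    for (a, b), cost in links.items():
        g.setdefault(a, {})[b] = cost
        g.setdefault(b, {})[a] = cost
    return g

def spf(g, src):
    """Dijkstra: shortest distance from src to every node."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in g[u].items():
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist

def remote_lfa(links, s, e):
    """Return (P-space, Q-space, {PQ node: tunnel metric}) for protected link s-e."""
    g = build_graph(links)
    link = g[s][e]
    ds, de = spf(g, s), spf(g, e)
    others = [n for n in g if n not in (s, e)]
    # P-space: nodes s reaches with no shortest path crossing the s-e link.
    p = {n for n in others if ds[n] < link + de[n]}
    # Q-space: nodes that reach e with no shortest path crossing the s-e link.
    q = {n for n in others if de[n] < link + ds[n]}
    # A PQ node is in both sets; the tunnel metric is the cost from s to it.
    return p, q, {n: ds[n] for n in p & q}

if __name__ == "__main__":
    p, q, pq = remote_lfa(LINKS, "R1", "R5")
    print("P-space:", sorted(p), "Q-space:", sorted(q), "PQ:", pq)
```

With these assumed costs the only PQ node for the R1-R5 link is R3, at tunnel metric 20, which agrees with the tailend router and tunnel metric in the R1 outputs later in this document.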
For R6's loopback 10.6.6.6, primary path for traffic to flow is via R1 > R5 > R6 as shown here.
R1#show ip route 10.6.6.6
Routing entry for 10.6.6.6/32
Known via "ospf 100", distance 110, metric 21, type intra area
Last update from 10.0.15.5 on Ethernet0/2, 00:08:56 ago
Routing Descriptor Blocks:
* 10.0.15.5, from 10.6.6.6, 00:08:56 ago, via Ethernet0/2 // Primary path
Route metric is 21, traffic share count is 1
Repair Path: 10.3.3.3, via MPLS-Remote-Lfa3 // Also a backup MPLS remote tunnel has been established
This backup tunnel is set up automatically between R1 and the PQ/release node R3 that has been calculated by the algorithm. This results in the establishment of a targeted LDP session between R1 and R3 for the exchange of labels.
R1#show mpls ldp neighbor 10.3.3.3
Peer LDP Ident: 10.3.3.3:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.3.3.3.22164 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 28/29; Downstream
Up time: 00:12:08
LDP discovery sources:
Targeted Hello 10.1.1.1 -> 10.3.3.3, active, passive
Addresses bound to peer LDP Ident:
10.0.34.3 10.3.3.3 10.0.23.3
The targeted LDP session built between R1 and R3 is used by the PQ/release node (R3) to share the MPLS label of protected prefixes (10.6.6.6 in this case) with R1. Here, it is seen that R3 has an MPLS label of 18 for label switching traffic towards R6's loopback. R3 shares this label 18 with R1 via LDP, and R1 stores it as a backup label.
R1#show ip cef 10.6.6.6
10.6.6.6/32 // 23 is primary label
nexthop 10.0.15.5 Ethernet0/2 label [23|18] // 18 is backup label shared by R3
repair: attached-nexthop 10.3.3.3 MPLS-Remote-Lfa3
R1#show mpls forwarding-table 10.3.3.3
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
21         21         10.3.3.3/32      0             Et0/0      10.0.12.2
R3#show mpls forwarding-table 10.6.6.6
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
18         18         10.6.6.6/32      0             Et0/0      10.0.34.4
As long as the R1-R5 link (the primary path) is alive, traffic is forwarded via the MPLS LSP with label 23 (the label to reach 10.6.6.6 over the primary path). However, when the R1-R5 link goes down, traffic is switched via the repair path over MPLS-Remote-Lfa3. During this failure, R1 imposes an extra label on the IP packet. The inner label is the one learned via the targeted LDP session, and the outer label is the one used to reach the PQ node (R3 in this case), as shown in the image.
Outer Label | Inner Label | Inner IP Packet
So, traffic is label switched with outer label 21 to reach the PQ node R3. Once traffic reaches R3, the outer label is removed (or it may already have been removed by R2 due to penultimate hop popping). R3 finds the inner label value of 18, checks its MPLS forwarding table, and forwards the packet accordingly, as shown in the image.
Use this section in order to confirm that your configuration works properly.
Verifying Functionality
As discussed, the example prefix that is protected is 10.6.6.6/32, that is, Loopback0 of R6. The primary path for R1 to reach R6's loopback is via R1 > R5 > R6, as shown in the outputs. In these outputs, along with the primary forwarding path, a repair path is listed that is used in the event that the primary link between R1 and R5 goes down:
R1#show ip int brief | in up
Ethernet0/0 10.0.12.1 YES NVRAM up up
Ethernet0/2 10.0.15.1 YES NVRAM up up
Loopback0 10.1.1.1 YES NVRAM up up
MPLS-Remote-Lfa3 10.0.12.1 YES unset up up
MPLS-Remote-Lfa4 10.0.15.1 YES unset up up
R1#show ip route 10.6.6.6
Routing entry for 10.6.6.6/32
Known via "ospf 100", distance 110, metric 21, type intra area
Last update from 10.0.15.5 on Ethernet0/2, 01:45:54 ago
Routing Descriptor Blocks:
* 10.0.15.5, from 10.6.6.6, 01:45:54 ago, via Ethernet0/2
Route metric is 21, traffic share count is 1
Repair Path: 10.3.3.3, via MPLS-Remote-Lfa3
R1#show ip ospf rib 10.6.6.6
OSPF Router with ID (10.1.1.1) (Process ID 100)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator
*> 10.6.6.6/32, Intra, cost 21, area 0
SPF Instance 10, age 01:48:22
Flags: RIB, HiPrio
via 10.0.15.5, Ethernet0/2
Flags: RIB
LSA: 1/10.6.6.6/10.6.6.6
repair path via 10.3.3.3, MPLS-Remote-Lfa3, cost 40 // MPLS LFA tunnel chosen as backup
Flags: RIB, Repair, IntfDj, BcastDj, CostWon
LSA: 1/10.6.6.6/10.6.6.6
So, while OSPF converges after the primary link failure (R1-R5), traffic is switched over the MPLS repair tunnel. This tunnel originates at R1 and terminates at R3 (the PQ node), 10.3.3.3. The output also shows that the tunnel provides protection against failure of link 10.0.15.5, Ethernet0/2, which is the primary path for traffic to 10.6.6.6 from R1.
R1#show ip ospf fast-reroute remote-lfa tunnels
OSPF Router with ID (10.1.1.1) (Process ID 100)
Area with ID (0)
Base Topology (MTID 0)
Interface MPLS-Remote-Lfa3 // Remote lfa tunnel
Tunnel type: MPLS-LDP
Tailend router ID: 10.3.3.3
Termination IP address: 10.3.3.3
Outgoing interface: Ethernet0/0
First hop gateway: 10.0.12.2
Tunnel metric: 20
Protects:
10.0.15.5 Ethernet0/2, total metric 40
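To run the same check across many prefixes, the show ip route output can be parsed and every entry without a Repair Path line flagged as unprotected. This is an added example, not part of the original document: the first sample entry is the R1 output shown above, the second entry (192.0.2.1/32) is constructed for illustration, and the function names are hypothetical.

```python
import re

# Entry 1 is the R1 output from this document; entry 2 is constructed
# (a documentation prefix with no repair path installed).
SAMPLE = """\
Routing entry for 10.6.6.6/32
  Known via "ospf 100", distance 110, metric 21, type intra area
  Routing Descriptor Blocks:
  * 10.0.15.5, from 10.6.6.6, 01:45:54 ago, via Ethernet0/2
      Route metric is 21, traffic share count is 1
      Repair Path: 10.3.3.3, via MPLS-Remote-Lfa3
Routing entry for 192.0.2.1/32
  Known via "ospf 100", distance 110, metric 21, type intra area
  Routing Descriptor Blocks:
  * 10.0.15.5, from 192.0.2.1, 01:45:54 ago, via Ethernet0/2
      Route metric is 21, traffic share count is 1
"""

ENTRY = re.compile(r"^Routing entry for (\S+)", re.M)
NEXTHOP = re.compile(r"^\s*\*\s+(\S+), from \S+, .*via (\S+)", re.M)
REPAIR = re.compile(r"Repair Path: (\S+), via (\S+)")

def audit(text):
    """Map each prefix to its primary (next hop, interface) and repair path."""
    report = {}
    # split() with one capture group yields [junk, prefix, body, prefix, body, ...]
    parts = ENTRY.split(text)[1:]
    for prefix, body in zip(parts[0::2], parts[1::2]):
        primary = NEXTHOP.search(body)
        repair = REPAIR.search(body)
        report[prefix] = {
            "primary": primary.groups() if primary else None,
            "repair": repair.groups() if repair else None,
        }
    return report

def unprotected(text):
    """Prefixes that would drop traffic until OSPF re-converges."""
    return sorted(p for p, r in audit(text).items() if r["repair"] is None)

if __name__ == "__main__":
    for prefix, info in audit(SAMPLE).items():
        print(prefix, info)
    print("No repair path:", unprotected(SAMPLE))
```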
There is currently no specific troubleshooting information available for this configuration.