Routing Configuration Guide for Cisco 8000 Series Routers, IOS XR Release 24.1.x, 24.2.x, 24.3.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Fast Reroute Loop-Free Alternate feature enables you to tunnel a packet around a failed link to a remote loop-free alternate
that is more than one hop away.
Prerequisites for IPv4/IPv6 Loop-Free Alternate Fast Reroute
Loop-Free Alternate (LFA) Fast Reroute (FRR) can protect paths that are reachable through an interface only if the interface
is a point-to-point interface.
Restrictions for Loop-Free Alternate Fast Reroute
The remote LFA backup path for MPLS traffic can be setup only using LDP.
LFA calculations are restricted to interfaces or links belonging to the same level or area. Hence, excluding all neighbors
on the same LAN when computing the backup LFA can result in repairs being unavailable in a subset of topologies.
Only physical interfaces are protected. Subinterfaces, tunnels, and virtual interfaces are not protected.
IPv4 and IPv6 LFA FRR not supported over TE tunnel.
IS-IS and IP FRR
When a local link fails in a network, IS-IS recomputes new primary next-hop routes for all affected prefixes. These prefixes
are updated in the RIB and the Forwarding Information Base (FIB). Until the primary prefixes are updated in the forwarding
plane, traffic directed towards the affected prefixes are discarded. This process can take hundreds of milliseconds.
In IP FRR, IS-IS computes LFA next-hop routes for the forwarding plane to use in case of primary path failures. LFA is computed
per prefix.
When there are multiple LFAs for a given primary path, IS-IS uses a tiebreaking rule to pick a single LFA for a primary path.
In case of a primary path with multiple LFA paths, prefixes are distributed equally among LFA paths.
Repair Paths
Repair paths forward traffic during a routing transition. When a link or a router fails, due to the loss of a physical layer
signal, initially, only the neighboring routers are aware of the failure. All other routers in the network are unaware of
the nature and location of this failure until information about this failure is propagated through a routing protocol, which
may take several hundred milliseconds. It is, therefore, necessary to arrange for packets affected by the network failure
to be steered to their destinations.
A router adjacent to the failed link employs a set of repair paths for packets that would have used the failed link. These
repair paths are used from the time the router detects the failure until the routing transition is complete. By the time the
routing transition is complete, all routers in the network revise their forwarding data and the failed link is eliminated
from the routing computation.
Repair paths are precomputed in anticipation of failures so that they can be activated the moment a failure is detected.
The LFA FRR feature uses the following repair paths:
Equal Cost Multipath (ECMP) uses a link as a member of an equal cost path-split set for a destination. The other members of
the set can provide an alternative path when the link fails.
LFA is a next-hop route that delivers a packet to its destination without looping back. Downstream paths are a subset of LFAs.
LFA Overview
LFA is a node other than the primary neighbor. Traffic is redirected to an LFA after a network failure. An LFA makes the forwarding
decision without any knowledge of the failure.
An LFA must neither use a failed element nor use a protecting node to forward traffic. An LFA must not cause loops. By default,
LFA is enabled on all supported interfaces as long as the interface can be used as a primary path.
Advantages of using per-prefix LFAs are as follows:
The repair path forwards traffic during transition when the primary path link is down.
All destinations having a per-prefix LFA are protected. This leaves only a subset (a node at the far side of the failure)
unprotected.
LFA Calculation
The general algorithms to compute per-prefix LFAs can be found in RFC 5286. IS-IS implements RFC 5286 with a small change
to reduce memory usage. Instead of performing a Shortest Path First (SPF) calculation for all neighbors before examining prefixes
for protection, IS-IS examines prefixes after SPF calculation is performed for each neighbor. Because IS-IS examines prefixes
after SPF calculation is performed, IS-IS retains the best repair path after SPF calculation is performed for each neighbor.
IS-IS does not have to save SPF results for all neighbors.
Interaction Between RIB and Routing Protocols
A routing protocol computes repair paths for prefixes by implementing tiebreaking algorithms. The end result of the computation
is a set of prefixes with primary paths, where some primary paths are associated with repair paths.
A tiebreaking algorithm considers LFAs that satisfy certain conditions or have certain attributes. When there is more than
one LFA, configure the fast-reroute per-prefix command with the tie-break keyword. If a rule eliminates all candidate LFAs, then the rule is skipped.
A primary path can have multiple LFAs. A routing protocol is required to implement default tiebreaking rules and to allow
you to modify these rules. The objective of the tiebreaking algorithm is to eliminate multiple candidate LFAs, select one
LFA per primary path per prefix, and distribute the traffic over multiple candidate LFAs when the primary path fails.
Tiebreaking rules cannot eliminate all candidates.
The following attributes are used for tiebreaking:
Downstream—Eliminates candidates whose metric to the protected destination is lower than the metric of the protecting node
to the destination.
Linecard-disjoint—Eliminates candidates sharing the same linecard with the protected path.
Shared Risk Link Group (SRLG)—Eliminates candidates that belong to one of the protected path SRLGs.
Load-sharing—Distributes remaining candidates among prefixes sharing the protected path.
Lowest-repair-path-metric—Eliminates candidates whose metric to the protected prefix is higher.
Node protecting—Eliminates candidates that are not node protected.
Primary-path—Eliminates candidates that are not ECMPs.
Secondary-path—Eliminates candidates that are ECMPs.
Fast Reroute with Remote Loop-Free Alternate
Fast Reroute with Remote Loop-Free Alternate (FRR Remote LFA) feature enables you to tunnel a packet around a failed link
to a remote loop-free alternate that is more than one hop away.
When a link or a router fails, distributed routing algorithms compute new routes that take into account the failure. The time
taken for computation is called routing transition. Until the transition is complete and all routers are converged on a common
view of the network, the connectivity between the source and destination pairs is interrupted. You can use the IP Loop-Free
Alternate (LFA) Fast Reroute (FRR) to reduce the routing transition time to less than 50 milliseconds using a precomputed
alternate next hop. When a router is notified of a link failure, the router immediately switches over to the repair path to
reduce traffic loss. Note that the routing transition in IGP/BGP convergence can take up to several hundreds of milliseconds.
IP Loop-Free Alternate (LFA) Fast Reroute (FRR) supports the precomputation of repair paths. Intermediate System-to-Intermediate
System (IS-IS) routing protocol enables the repair path computation. The resulting repair paths are sent to the Routing Information
Base (RIB). Cisco Express Forwarding (formerly known as CEF) and Open Shortest Path First (OSPF) installs the repair path.
With IP local LFA FRR, IGPs only compute directly connected neighbor as an LFA backup path to protect the given prefix's
primary path. Label Distribution Protocol (LDP) sets up labeled backup LSP with the next-hop for the protected prefix. Some
topologies (for example the commonly used ring-based topology) require protection that is not afforded by LFA FRR. In such
cases, use the LDP-based FRR Remote LFA feature where IGPs compute non-directly connected neighbor, which are more than one
hop away, as LFA backup path to protect the given prefix's primary path. The LDP sets up labeled backup LSP with the remote
next-hop for the protected prefix. LDP also sets up another transport LSP to tunnel traffic to remote next-hop without exposing
the LFA backup label as learnt from remote node.
Consider the topology shown in the figure below:
Figure 1. FRR with Remote LFA with Ring Topology
Device A tries to send traffic destined to F to next-hop B. Device B cannot be used as an LFA for prefixes advertised by nodes
C and F. The actual LFA is node D. However, node D is not directly connected to the protecting node A. To protect prefixes
advertised by C, node A must tunnel the packet around the failed link A-C to node D, provided that the tunnel does not traverse
the failing link.
FRR Remote LFA feature enables you to tunnel a packet around a failed link to a remote loop-free alternate that is more than
one hop away. In the figure above, the green arrow between A and D shows the tunnel that is automatically created by the remote
LFA feature to bypass looping.
Feedback