Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 24.1.x, 24.2.x, 24.3.x, 24.4.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Fast Reroute Loop-Free Alternate feature enables you to tunnel a packet around a failed link to a remote loop-free alternate
that is more than one hop away.
Prerequisites for Fast Reroute with Loop-Free Alternate
Fast Reroute with Loop-Free Alternate functionality can protect paths that are reachable through an interface only if the
interface is a point-to-point interface.
When a LAN
interface is physically connected to a single neighbor, you should configure
the LAN interface as a point-to-point interface so that it can be protected
through Loop-Free Alternate (LFA) FRR.
For a proper deployment for Fast Reroute with Remote Loop-Free Alternate feature, the protected link should also be configured
with BFD
Restrictions for Fast Reroute with Loop-Free Alternate
Load balance
support is available for FRR-protected prefixes, but the 50 ms cutover time is
not guaranteed.
A maximum of
eight FRR-protected interfaces can simultaneously undergo a cutover.
LFA calculations
are restricted to interfaces or links belonging to the same level or area.
Hence, excluding all neighbors on the same LAN when computing the backup LFA
can result in repairs being unavailable in a subset of topologies.
Only physical and physical port-channel interfaces and subinterfaces are protected. Tunnels and virtual interfaces are not
protected.
The remote LFA backup path for MPLS traffic can be setup only using LDP. Only per-prefix protection is supported.
Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) and FRR can be configured on the same interface as long
as they are not used for the same prefix.
IS-IS and FRR
When a local link
fails in a network, IS-IS recomputes new primary next-hop routes for all
affected prefixes. These prefixes are updated in the RIB and the Forwarding
Information Base (FIB). Until the primary prefixes are updated in the
forwarding plane, traffic directed towards the affected prefixes are discarded.
This process can take hundreds of milliseconds.
In FRR, IS-IS computes LFA next-hop routes for the forwarding plane to use in case of primary path failures. LFA is computed
per prefix.
When there are
multiple LFAs for a given primary path, IS-IS uses a tiebreaking rule to pick a
single LFA for a primary path. In case of a primary path with multiple LFA
paths, prefixes are distributed equally among LFA paths.
Repair Paths
Repair paths forward
traffic during a routing transition. When a link or a router fails, due to the
loss of a physical layer signal, initially, only the neighboring routers are
aware of the failure. All other routers in the network are unaware of the
nature and location of this failure until information about this failure is
propagated through a routing protocol, which may take several hundred
milliseconds. It is, therefore, necessary to arrange for packets affected by
the network failure to be steered to their destinations.
A router adjacent to
the failed link employs a set of repair paths for packets that would have used
the failed link. These repair paths are used from the time the router detects
the failure until the routing transition is complete. By the time the routing
transition is complete, all routers in the network revise their forwarding data
and the failed link is eliminated from the routing computation.
Repair paths are
precomputed in anticipation of failures so that they can be activated the
moment a failure is detected.
The LFA FRR feature uses the following repair paths:
Equal Cost Multipath (ECMP) uses a link as a member of an equal cost path-split set for a destination. The other members of
the set can provide an alternative path when the link fails.
LFA is a next-hop route that delivers a packet to its destination without looping back. Downstream paths are a subset of LFAs.
LFA Overview
LFA is a node other
than the primary neighbor. Traffic is redirected to an LFA after a network
failure. An LFA makes the forwarding decision without any knowledge of the
failure.
An LFA must neither
use a failed element nor use a protecting node to forward traffic. An LFA must
not cause loops. By default, LFA is enabled on all supported interfaces as long
as the interface can be used as a primary path.
Advantages of using
per-prefix LFAs are as follows:
The repair path
forwards traffic during transition when the primary path link is down.
All destinations
having a per-prefix LFA are protected. This leaves only a subset (a node at the
far side of the failure) unprotected.
LFA
Calculation
The general algorithms
to compute per-prefix LFAs can be found in RFC 5286. IS-IS implements RFC 5286
with a small change to reduce memory usage. Instead of performing a Shortest
Path First (SPF) calculation for all neighbors before examining prefixes for
protection, IS-IS examines prefixes after SPF calculation is performed for each
neighbor. Because IS-IS examines prefixes after SPF calculation is performed,
IS-IS retains the best repair path after SPF calculation is performed for each
neighbor. IS-IS does not have to save SPF results for all neighbors.
Interaction Between
RIB and Routing Protocols
A routing protocol
computes repair paths for prefixes by implementing tiebreaking algorithms. The
end result of the computation is a set of prefixes with primary paths, where
some primary paths are associated with repair paths.
A tiebreaking
algorithm considers LFAs that satisfy certain conditions or have certain
attributes. When there is more than one LFA, configure the
fast-reroute per-prefix
command with the tie-break keyword. If a rule eliminates all
candidate LFAs, then the rule is skipped.
A primary path can
have multiple LFAs. A routing protocol is required to implement default
tiebreaking rules and to allow you to modify these rules. The objective of the
tiebreaking algorithm is to eliminate multiple candidate LFAs, select one LFA
per primary path per prefix, and distribute the traffic over multiple candidate
LFAs when the primary path fails.
Tiebreaking rules
cannot eliminate all candidates.
The following
attributes are used for tiebreaking:
Downstream—Eliminates candidates whose metric to the protected
destination is lower than the metric of the protecting node to the destination.
Linecard-disjoint—Eliminates candidates sharing the same
linecard with the protected path.
Shared Risk Link
Group (SRLG)—Eliminates candidates that belong to one of the protected path
SRLGs.
Load-sharing—Distributes remaining candidates among prefixes
sharing the protected path.
Lowest-repair-path-metric—Eliminates candidates whose metric to
the protected prefix is higher.
Node
protecting—Eliminates candidates that are not node protected.
Primary-path—Eliminates candidates that are not ECMPs.
Secondary-path—Eliminates candidates that are ECMPs.
Fast Reroute with
Remote Loop-Free Alternate
Fast Reroute with Remote Loop-Free Alternate (FRR Remote LFA) feature enables you to tunnel a packet around a failed link
to a remote loop-free alternate that is more than one hop away.
When a link or a
router fails, distributed routing algorithms compute new routes that take into
account the failure. The time taken for computation is called routing
transition. Until the transition is complete and all routers are converged on a
common view of the network, the connectivity between the source and destination
pairs is interrupted. You can use the IP Loop-Free Alternate (LFA) Fast Reroute
(FRR) to reduce the routing transition time to less than 50 milliseconds using
a precomputed alternate next hop. When a router is notified of a link failure,
the router immediately switches over to the repair path to reduce traffic loss.
Note that the routing transition in IGP/BGP convergence can take up to several
hundreds of milliseconds.
IP Loop-Free Alternate
(LFA) Fast Reroute (FRR) supports the precomputation of repair paths.
Intermediate System-to-Intermediate System (IS-IS) routing protocol enables the
repair path computation. The resulting repair paths are sent to the Routing
Information Base (RIB). Cisco Express Forwarding (formerly known as CEF) and
Open Shortest Path First (OSPF) installs the repair path.
With IP local LFA
FRR, IGPs only compute directly connected neighbor as an LFA backup path to
protect the given prefix's primary path. Label Distribution Protocol (LDP) sets
up labeled backup LSP with the next-hop for the protected prefix. Some
topologies (for example the commonly used ring-based topology) require
protection that is not afforded by LFA FRR. In such cases, use the LDP-based
FRR Remote LFA feature where IGPs compute non-directly connected neighbor,
which are more than one hop away, as LFA backup path to protect the given
prefix's primary path. The LDP sets up labeled backup LSP with the remote
next-hop for the protected prefix. LDP also sets up another transport LSP to
tunnel traffic to remote next-hop without exposing the LFA backup label as
learnt from remote node.
Consider the topology
shown in the figure below:
Device A tries to send traffic destined to F to next-hop B. Device B cannot be used as an LFA for prefixes advertised by nodes
C and F. The actual LFA is node D. However, node D is not directly connected to the protecting node A. To protect prefixes
advertised by C, node A must tunnel the packet around the failed link A-C to node D, provided that the tunnel does not traverse
the failing link.
FRR Remote LFA
feature enables you to tunnel a packet around a failed link to a remote
loop-free alternate that is more than one hop away. In the figure above, the
green arrow between A and D shows the tunnel that is automatically created by
the remote LFA feature to bypass looping.
Configuration
Perform the following tasks to configure FRR with LFA.
The show outputs given in the following section display the details of the configuration of the FRR with Remote LFA feature,
and the status of their configuration.
/* Verify the route summary information about the specified routing table. */
RP/0//CPU0:router# show route 10.3.3.3
Routing entry for 10.3.3.3/32
Known via "isis 44", distance 115, metric 20, type level-1
Installed Nov 15 19:43:13.367 for 00:00:34
Routing Descriptor Blocks
10.1.1.1, from 10.3.3.3, via TenGigE0/0/0/0, Backup (remote)
Remote LFA is 10.9.9.9
Route metric is 0
10.1.1.2, from 10.3.3.3, via TenGigE0/7/0/3, Protected
Route metric is 20
No advertising protos.
/* Verify the MPLS LDP configuration. */
RP/0//CPU0:router# show running mpls ldp
Codes:
- = GR label recovering, (!) = LFA FRR pure backup path
{} = Label stack with multi-line output for a routing path
G = GR, S = Stale, R = Remote LFA FRR backup
Prefix Label Label(s) Outgoing Next Hop Flags
In Out Interface G S R
------------- ----- -------- -------- --------------- ----
192.0.2.0/24 16019 { 16001 Te0/0/0/0 10.1.1.1 (!) R
28006 } (10.9.9.9)
ImpNull Te0/7/0/3 192.0.2.1
192.0.2.1/32 16013 ImpNull Te0/0/0/0 10.1.1.1
192.0.1.0/32 16014 { 16001 Te0/0/0/0 10.1.1.1 (!) R
16002 } (10.9.9.9)
ImpNull Te0/7/0/3 192.0.2.2
10.9.9.9/32 16012 16001 Te0/0/0/0 10.1.1.1
28006 Te0/7/0/3 192.0.2.1
10.23.1.0/24 16018 16004 Te0/0/0/0 10.1.1.1 (!)
ImpNull Te0/7/0/3 192.0.2.1
10.34.1.0/24 16015 ImpNull Te0/0/0/0 10.1.1.1
10.0.0.1/32 16011 { 16001 Te0/0/0/0 10.1.1.1 (!) R
16013 } (10.9.9.9)
16016 Te0/7/0/3 192.0.2.1
10.100.0.2/32 16010 { 16001 Te0/0/0/0 10.1.1.1 (!) R
/* Verify whether RLFA filtering is active */
RP/0/0/CPU0:Router #show isis fast-reroute 1.0.0.2/32 detail
L2 1.0.0.2/32 [20/115] medium priority
via 1.2.0.2, GigabitEthernet0/0/0/0, R2, Weight: 0
Backup path: R-LFA, via R3 [1.0.0.3], via 1.4.1.2, GigabitEthernet0/0/0/1 R4, Weight: 0, Metric: 20 /*3.3.3.3 is filtered out, and another address is picked when RLFA filtering is active */
P: No, TM: 20, LC: No, NP: No, D: No, SRLG: Yes
src R2.00-00, 1.0.0.2