Loop Free Alternate and Remote Loop Free

Alternate IP Fast Reroute

Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Understand MPLS
Configure
Network Diagram
Configurations
Verify
Troubleshoot

Introduction

This document describes how the IP Fast Reroute (FRR) provides fast recovery methods in Label
Distribution Protocol (LDP) based networks.This is a lot simpler to implement. Loop Free Alternate
(LFA) is similar to Multiprotocol Label Switching (MPLS) FRR i.e. it pre-installs the backup next-
hop into the forwarding plane. LFA’s don't introduce any protocol extensions and can be
implemented on a per router basis, which makes it a very attractive option.

Prerequisites
Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.

Background Information
Understand MPLS
FRR Options:

Loop Free Alternate (LFA) FRR pre-computes a loop-free alternate path and installs into the
forwarding place. LFA is calculated based on route in equality.

LFA:

Inequality 1: D(N,D) < D(N,S) + D(S,D)

Path is loop-free because N’s best path is not through local router. Traffic sent to backup next hop
is not sent back to S.

Downstream Path:

Inequality 2: D(N,D) < D(S,D)

Neighbor router is closer to the destination than local router. Loop-free is guaranteed even with
multiple failures (if all repair-paths are downstream path).

Node Protection:
Inequality 3: D(N,D) < D(N,E) + D(E,D) N's path to D must not go through E.

The distance from the node N to the prefix via the primary next-hop is strictly greater than the
optimum distance from the node N to the prefix.

Loop Free Link Protecting for Broadcast Link:

Inequality 4: D(N,D) < D(N,PN) + D(PN,D)

The link from S to N should not be the same as the protected link.

The link from N to D should not be the same as the protected link.

Advantages of LFA and rLFA:

● Simplified Configuration
● Link and Node Protection
● Link and Path Protection
● LFA paths
● Support for both IP and LDP
● LFA FRR is supported with Equal Cost Multipath (ECMO)
Disadvantages of LFA and rLFA:

●LDP must be enabled everywhere

●Enabled Target LDP everywhere
●No other tunnelling mechanisms other than MPLS are supported
●PQ Node protects only the link and not the node
●PQ Node calculations are only executed if there are unprotected paths for protectable Prefixes
●A targeted LDP session to PQ Node will only be built if none exits yet
●No remote LFA for per-link
Remote LFA (rLFA):

LFA does not provide full coverage and it is very topology dependent. Reason is simple i.e. in
many cases, in order to backup next-hop, the best path goes through the router and calculates the
backup next-hop.

This problem can be solved if you can find a router which is more than one hop away from
the router that calculates, from which the traffic is forwarded to the destination without traversing
the failed link and then you can tunnel the packet to that router.

These kinds of multi-hop repair paths are more complicated than single hop repair paths as
computations are needed to determine if a path exits (to begin with) and then a mechanism to
send the packet to that hop.

Let's look at a Point of Presence (POP) with aring topology as per the mentioned ring structure.

R3 does not meet inequality # 1 (3 < 1 + 2).

So R3 best path is through the failed link.

If you find a node from which traffic is forwarded to the destination without traversing the failed link
and it sends it to that node, then you can achieve FRR without causing a loop.

P-Space:

The P-Space of a router with respect to a protected link is the set of routers reachable from that
specific router with the use of the pre-convergence shortest paths, without any of those paths, that
transits that protected link.

P-Space is a set of routers that R2 (source) can reach without the use of the R2 (S) - R1 link
which is R3 (P-Space) and R4 (P-Space) nodes.

Extended P-Space:

The extended P-Space of the protecting router with respect to the protected link is the union of the
P-Space of the neighbours in that set of neighbor, with respect to the protected link, which makes
it the union of the P-Spaces of the neighbours in that set of neighbours with respect to the
protected link.

Extended P-Space contains the routers that are R2 - direct neighbor, R3 - can reach without the
use of the R2 - R1 link which is R4 and R5 node. Point behind Extended P-Space is that it helps to
increase the coverage.
Q-Space:

Q-Space of a router with respect to a protected link is the set of routers from which that specific
router that can be reached without any path (that includes ECMP splits) and transits that protected
link.

Q-Space contains the routers that normally reach R6 without the use of the R2 (S) R1 link which is
R1, R5 and R4 nodes.

PQ Node:

A router that is both Extended P-Space and Q-Space is a PQ node.

Any router which is a PQ node can be a remote LFA candidate. The candidate router to whom R2
(S) can send the packet, will forward the packet to the destination without traversing through R2(S)
R1 link. In this case, R4 and R5 are the PQ nodes and are considered remote LFA candidates for
R2 (S).

There are various ways to tunnel the traffic like IPinIP, GRE and LDP etc. However, the most
common form of implementation is LDP tunnel.

In Case of IP Traffic Protection:

If you protect IP traffic, then R2 (s) pushes an LDP label on top of IP packet to reach R4 (assume
R2 (S) picket R4) as a Remote LFA node. When R3 receives the packet, it forwards the packet to
R4 as a plain IP packet because of normal PHP behaviour. When R4 receives the packet destined
to R6 (D), it forwards the packet upstream towards R5 node.
In Case of Protecting LDP Traffic:

In this case a stack that consists of two LDP labels is used by R2(S).

Outer LDP label x, is the label to reach R4 and inner LDP label Y, is label to reach R6 (D) from R4.

Now the question is, how will R2 (S) know that R4 uses LDP label Y in order to send traffic
towards R6(D). In order for the protecting node-to-node to know what label a PQ node uses to
forward the destination (D), it has to establish Targeted LDP session with a PQ node to get the
FEC to label mapping. Therefore, you know that TLDP sessions should be enabled on the all the
nodes for Remote LFA.
Benefits of rLFA over LFA:

● RLFA improves the LFA coverage in ring and poorly meshed topology
● It improves the consistency when the remote tunnel endpoint is selected
● Might work with RSVP with very little operational and computational overhead
● RSVP can be used to complement LFA/eLFA and vice versa
● When used in conjunction with MPLS LDP, there is no need of additional protocol in the
control plane
● The data plane for MPLS makes use of label stacking to tunnel the packets to the PQ node
from there
● Traffic flows to the destination and does not return to the source or traverses the protected link

Configure
Network Diagram
Configurations

Lab Details to Protect LDP Traffic:

ISIS Configuration:

router isis 20

net 20.0000.0000.0005.00

is-type level-1

metric-style wide level-1

fast-reroute per-prefix level-1 route-map LFA >>>>>>>>>>> rLFA Configuration

fast-reroute remote-lfa level-1 mpls-ldp >>>>>>>>>>>>>>>>> rLFA Configuration

mpls ldp autoconfig level-1

MPLS Mandatory Configuration:

mpls ldp explicit-null

fast-reroute remote-lfa level-1 mpls-ldp

mpls ldp router-id Loopback0

Verify
Use this section in order to confirm that your configuration works properly.

In order to display the remote LFA tunnels for ISIS:

R1#sh isis fast-reroute remote-lfa tunnels

Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%

No time source, *11:28:59.528 UTC Wed Jan 3 2018

Tag 20 - FRR Remote-LFA Tunnels:

MPLS-Remote-Lfa1: use Gi2/0, nexthop 10.3.4.4, end point 10.0.0.5

MPLS-Remote-Lfa2: use Gi3/0, nexthop 10.3.3.3, end point 10.0.0.5

In order to check the IOS programming for a given prefix, run the CLI:

R1#sh ip cef 10.0.0.5

Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%

No time source, *11:32:04.857 UTC Wed Jan 3 2018

10.0.0.4/32

nexthop 20.31.32.32 GigabitEthernet3/0 label [17|17]

repair: attached-nexthop 10.3.4.4 GigabitEthernet2

nexthop 10.3.4.4 GigabitEthernet2/0 label [17|17]

repair: attached-nexthop 10.3.3.3 GigabitEthernet3

In this output, you can see primary and backup labels [17|17] respectively. The repair path is going
via a remote LFA tunnel. It is not necessary that all the prefixes should be protected with the use
of a remote LFA tunnel. Based on the possibility of looping, the LFA logic chooses to go over
either normal backup path or a tunneled backup path.

R1#show ip route repair-paths 10.0.0.8

Load for five secs: 1%/0%; one minute: 0%; five minutes: 0%

No time source, *11:39:07.467 UTC Wed Jan 3 2018

Routing entry for 10.0.0.81/32

Known via "isis", distance 115, metric 30, type level-1

 Redistributing via isis 20

Last update from 10.3.4.4 on GigabitEthernet2/0, 1d12h ago

Routing Descriptor Blocks:

* 10.3.4.4, from 20.0.0.81, 1d12h ago, via GigabitEthernet2/0

Route metric is 30, traffic share count is 1

Repair Path: 20.0.0.42, via MPLS-Remote-Lfa2

[RPR]10.0.0.4, from 10.0.0.8, 1d12h ago, via MPLS-Remote-Lfa2

Route metric is 20, traffic share count is 1

Troubleshoot
There is currently no specific troubleshooting information available for this configuration.