Cisco Live IP LFA Architecture and Troubleshooting

IP LFA (Loop-Free-Alternative): Architecture
and Troubleshooting
BRKRST-3020
Luc De Ghein
Technical Leader Services
Agenda
Introduction
LFA Overview
LFA Architecture
Per-link vs per-prefix
Repair path selection and tie-breakers
Remote LFA
Repair path in data plane
Configuration, implementation and troubleshooting (OSPF, ISIS, EIGRP) in

IOS and IOS-XR
Conclusion
BRKRST-3020
2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Introduction
Introduction
Best-effort traffic delivery for IPv4/v6 was good enough
Service failures caused by routing transitions are largely hidden by higher-level
protocols that retransmit the lost data
But, this not good enough anymore for voice and video traffic
We need something better: IP-FRR
Low-hanging fruit
MPLS is not needed
One implementation is LFA

IPv4 is used throughout the presentation same principles apply to IPv6
BRKRST-3020
Cisco Public
Goal - Benefits
Provide FAST restoration of traffic flow in case of network failure
Designed to give the same speed of recovery as MPLS TE FRR
Does not require MPLS to function (though may protect MPLS traffic if present)
Remote LFA does require MPLS at this time
The goal was to provide 50 ms restoration (actual speed depends on platform)

Protect
One single link failure

One single node failure
No path protection
Multiple failure conditions are not covered
Simpler than MPLS TE FRR to configure and operate

Good scalability
Incremental deployment no inter-router signaling specific to LFA FRR
BRKRST-3020
Cisco Public
No signaling
protocol
LFA Overview
Convergence, Protection, Restoration

Convergence
In case of failure, the routing protocol computes new best path
New best path gets installed in data plane
1-5 sec
Fast convergence
Same as above, but faster
Tuned routing protocol
< 1 sec
Pre-computed backup path

For speed: pre-computed backup/repair path needed, in data plane
BRKRST-3020
Cisco Public
50-100 msec
LFA and MPLS TE Comparison

LFA FRR
MPLS TE FRR
Repair Path
Least cost
Constraints based with bandwidth

guarantee and path control
Link Protection
Yes
Yes
Node Protection
Yes
Yes
Path Protection
No
Yes
Control Plane Requirements
None
RSVP-TE
Provisioning
Minimal Configuration
Significant
Network Topology
Effective with mesh
No dependency. Always works.
SRLG
Yes
Yes
Load distribution over multiple repair paths
Yes
No
IPv6 support
Yes
No
BRKRST-3020
Cisco Public
Reducing Loss Of Connectivity (LoC)

Control Plane Fast Convergence
Data Plane Convergence (FRR)
t0 Failure Detection
t1 Failure Propagation (Flooding, Updates, etc)
t2 Topology/Routing Recalculation
t3 Update Routing and Forwarding Table (RIB/FIB)
t0 Failure Detection
tR Switchover to (pre-computed) backup path
t2 Topology/Routing Recalculation
t3 Update Routing and Forwarding Table (RIB/FIB)
LoC
t0
t1
t2
failure
LoC
t3
t4
t0 tR t1
t2
t3
t4
failure
BRKRST-3020
Cisco Public
10
LFA Architecture
Principal Idea Behind LFA

repair path
R3
R1
R2
primary path
R1 has best path : R1-R2

R1 computes repair path R1-R3-R2 = Loop-Free Alternate (LFA)
Repair path does not go over link R1-R2
Next hop router R3 delivers traffic to destination without returning the traffic to R1
BRKRST-3020
Cisco Public
12
Building Blocks of LFA
Requirement
Building Block of LFA
Speed
Pre-compute repair path
Speed of restoration
Put repair path in data plane (CEF)
Fast detection
Fast Link down detection best to

use BFD
Cleanup
Normal convergence occurs after the

event
BRKRST-3020
Cisco Public
13
Principal Mechanism of LFA

Normal Shortest Path Calculation (SPF)
topology
SPT
root router
&
10
B
20
10
10
30
10
10
10
30
10
G
10
30
10
calculating node
10
10
10
SPF
10
10
G
10
G
BRKRST-3020
Cisco Public
14
Principal Mechanism of LFA

The trick = calculating router runs SPF with other router as root
topology
SPT
calculating node
10
10
10
SPF
20
10
10
root router
10
10
30
10
10
10
30
10
10
30
10
G
10
reverse SPF = rSPF
All of the LFA (directly connected and remote) is made possible by the calculating
router running an SPF with its neighbor(s) as root
10
G
An SPF with any router in the area as root is not needed (but could be theoretically done)
BRKRST-3020
Cisco Public
15
General Theory Definitions

primary path
E
D
N
Name
Definition
Source (local) router
The router where all calculations are done
Destination router
The router where the prefixes are connected
Neighboring router
The neighbor router which is the alternate next

hop router under investigation
Another neighboring router
The primary next hop router
D(A,B)
Distance
The lowest cost from A to B
BRKRST-3020
Cisco Public
16
General Theory - Rules

Loop Free Alternate
E is the primary next
hop router
Inequality 1: D(N,D) < D(N,S) + D(S,D)

Path is loop-free because Ns best path is not through local router.
Traffic sent to backup next hop is not sent back to S.
E
Downstream Path
Inequality 2: D(N,D) < D(S,D)
Neighbor router is closer to the destination than local router.

Loop-free is guaranteed even with multiple failures (if all repair-paths
are downstream path).
N
Node protection
N is the protecting next

hop router
Inequality 3: D(N,D) < D(N,E) + D(E,D)

N's path to D must not go through E.
The distance from the node N to the prefix via the primary next-hop is
strictly greater than the optimum distance from the node N to the prefix.
BRKRST-3020
Cisco Public
17
General Theory - Rules

Loop Free Link Protecting for Broadcast Link
Inequality 4: D(N,D) < D(N,PN) + D(PN,D)
the link from S to N should not be the same as the protected link
the link from N to D should not be the same as the protected link
PN
PN = PseudoNode
representing the
BroadCast link with cost 0
BRKRST-3020
Cisco Public
18
General Theory
Examples
Inequality 1
D(N,D) < D(N,S) + D(S,D)
Loop Free
Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream
path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node
protection
Inequality 1: 11 < 12 + 15 ?
10
Inequality 2: 11 < 15 ?
S
12
11
Inequality 3: 11 < 16 + 5 ?
Inequality 1: 20 < 12 + 15 ?
10
S
12
20
Inequality 3: 20 < 22 + 5 ?
10
Inequality 1: 25 < 12 + 15 ?
20
S
12
N
BRKRST-3020
Inequality 3: 25 < 20 + 5 ?
Cisco Public
19
General Theory
Examples Bis
Inequality 1: 25 < 10 + 27 ?
22
Inequality 1
D(N,D) < D(N,S) + D(S,D)
Loop Free
Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream
path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node
protection
20
S
20
Inequality 3: 25 < 20 + 5 ?
10
Inequality 1: 27 < 12 + 15 ?
12
27
N
BRKRST-3020
Inequality 3: 27 < 22 + 5 ?
Cisco Public
20
General Theory
Example 4th Inequality
the link from S to N should not be the same as the protected link
Inequality 1
D(N,D) < D(N,S) + D(S,D)
Loop Free
Alternate
Inequality 2
D(N,D) < D(S,D)
Downstream
path
Inequality 3
D(N,D) < D(N,E) + D(E,D)
Node
protection
Inequality 4
D(N,D) < D(N,PN) + D(PN,D)
Loop Free
Alternate BC
the link from N to D should not be the same as the protected link
8
10
25
0
10
21
PN
0
11
10
D(N,D) = 21 and path goes through the PN
Inequality 4: 21 < 10 + 11 ?
BRKRST-3020
Loop-free for BC link
Cisco Public
21
General Theory
Per-Link versus Per-Prefix LFA
Per-Prefix
Per-Link
D1
10
10
N1
10
10
10
10
D1
5
E
D1 + D2
5
N2
10
10
D1
10
N1
10
D2
D2
Backup path carries traffic for all destinations through primary next hop
Node protection is possible, but not guaranteed (topology dependent)

Node protection if path is S-N1-D1, but then suboptimal path for
prefixes to D2
5
N2
10
D2
Two different backup path can carry traffic for

different prefixes through primary next hop,
and hence produce better load sharing
More complex calculations than per-link LFA,

computation is for each neighbor of S and perprefix
There is no difference in path for prefixes to D1 or D2

Can lead to overloaded links S-N2 and N2-E
10
Per-Link LFA or per-prefix LFA is

chosen per interface!
Simple computation, single rSPF per protected neighbor

BRKRST-3020
Cisco Public
22
Inequality 1
D(N,D) < D(N,S) + D(S,D)
General Theory
Loop Free
Alternate
Per-Link versus Per-Prefix LFA: Coverage

Per-Link
Per-Link
10
15
15
20
B
10
20
B
10
10
E
X+Y
15
10
E
X+Y
E is primary next-hop for prefixes X and Y
E2 is primary next-hop for prefixes X and Y
Inequality 1 : prefix X : 15 < 10 + 20
Inequality 1 : prefix X : 15 < 15+ 20
Inequality 1 : prefix Y : 20 < 10 + 10
Inequality 1 : prefix Y : 20 < 15 + 10
No protection for prefix X and Y !
Protection for prefix X and Y !
Conclusion?
BRKRST-3020
All or nothing (prefixes) with

Per-Link LFA
Prefixes reachable through the same

primary next-hop, share the same backup
Cisco Public
23
General Theory
Per-Link LFA Limitation
30
16
N1
70
Prefix from D1, NH = D1, cost = 30

Prefix from D2, NH = S, cost = 81
40
D1
5
30
20
N2
16
30
D2
N1
70
40
D1
5
E
15
20
N2
30
D2
Prefix from D1, NH = S, cost = 51

Prefix from D2, NH = E, cost = 50
Traffic to D2 is forwarded to E on N2
Traffic to D1 is forwarded to D1
Traffic to D1 is U-turned on N2, back to S
Traffic to D2 is U-turned on N1, back to S
Conclusion?
BRKRST-3020
Per-Link LFA does not always work
Cisco Public
24
General Theory
Comments/Coverage
LFA
Very good network coverage

loops possible
Downstream paths
No loop possible
Less network coverage
link- without node-protection

can cause microloop
Ring topology: no coverage
BRKRST-3020
Cisco Public
25
Load Balancing/ECMP
ECMP : more than one primary next hop
The other primary next hops might provide:
only link protection

only node protection
both link and node protection
alternate path
18
10
N1
14
Depending on the defaults and

configuration, the althernate NHs can be
another primary NH or an alternate nonprimary NH
10
Using primary NH as alternate NH

10
14
N2
primary path
Pro: no loop possible
Con: congestion is possible
N3
BRKRST-3020
Cisco Public
26
IP-FRR and MPLS

LDP follows the topology calculated by the routing protocol
LDP requirement: Downstream Unsolicited; Liberal Retention
No issue (always, except for ATM interfaces)
Forwarding plane considers the fact that protecting label is different for each
prefix
Same LFA but different protecting label per prefix
IP FRR transparently supports VPN, VPLS, 6PE/6VPE

Check if it is supported
BRKRST-3020
Cisco Public
27
Micro-Loops
A loop short in time
Resolved by normal link state convergence, i.e. loop until first SPF
During the reconvergence period some routers in the network forward traffic
based on the 'old' forwarding table and some routers have already switched to
use the 'new' forwarding table
Result of difference in updating speed on routers
CPU, forwarding ASICs, difference in distance in topology
Duration of loops is bounded by the reconvergence time of the slowest routers

Microloop can happen close to the failure or far from it
Loop is after S reconverges, but other router did not finish reconverging yet
BRKRST-3020
Cisco Public
28
Micro-Loops
rLFA tunnel
Link failure S-D
t0 Link failure detected

tR IP-FRR kicks in on S
t2 Topology/Routing Recalculation (SPF runs on S)
t3-t4 Update Routing and Forwarding Table (RIB/FIB)
t4 end of updating on S
t5 end of updating on N
[t3-t4]-[t4-t5] N still has route for D, pointing to S:
loop
t5 loop resolved: N finished updating its tables:
then route for D points to R1
failure
BRKRST-3020
R1
R2
LoC
t0 tR t1
loop
t2
t3
Cisco Public
t4
t5
29
Micro-Loops
Micro loops
A loop short in time
Resolved by normal link state convergence, i.e. loop until first SPF
Methods are proposed to prevent micro-loops (RFC 5715)

Is it worth it?
Solution
Routers connected to failed link delay updating forwarding table
Until all other routers have converged
RIB delay timer
In the meantime, traffic remains on rLFA protected path
BRKRST-3020
Cisco Public
30
Remote LFA
The Problem & The Solution
The problem
Directly connected LFA does not cover all
No neighbor is found which is an LFA
Remote LFA covers more
Typically a ring topology will need remote LFA
R2
Remote LFA
(encap tunnel)
R3
The solution
R4
Remote LFA: tunnel the packets to a router which can deliver

the packets without going across the failed link
BRKRST-3020
R5
Cisco Public
31
Remote LFA
No 100% Coverage
No tunnel to remote LFA is possible
A tunnel to R3 is not good enough (far enough), because the cost
from R3 to router D is 6 counter clockwise vs 3 clockwise
Packets coming out of the tunnel on R3 would be sent back to R1
clockwise
A tunnel to R4 is good enough (far enough), because the cost

from R4 to router D is 2 counter clockwise vs 7 clockwise
But the tunnel is not possible because the cost from R2 to R4 is 5
counter clockwise vs 4 clockwise
R2 would send tunneled packets back to router S clockwise
R2
R3
R5
R4
BRKRST-3020
Cisco Public
32
Remote LFA
Finding the Tunnel Endpoint
P space of Router S
Q space of Router E
S
PQ
P-space of router S and the link SE
Q-space of the router E and the link SE
It is the set of routers that S can reach without

passing through the link SE (including ECMP)
It is the set of routers that can reach the

router E without passing through the link SE
A router common to both P and Q space is called a PQ router

If S tunnels a packet to the PQ router, then the packet is guaranteed to reach E
without passing through link SE
BRKRST-3020
Cisco Public
An algorithm is needed to
pick a PQ router if multiple
candidates exist
33
Remote LFA
Extended P-Space
P space of Router S
Q space of Router E
N
PQ
Extended P-space of router S and the link SE

The set of links that all of neighbors of router S can reach
without passing through the link SE
Extended P-space = P-space of each neighbor and the protected link

Extended = more prefix coverage
BRKRST-3020
Cisco Public
34
Remote LFA
Calculating the P-space
topology
SPT after pruning

protected link branch
SPT
SPF
pruning
P-space
Compute SPF rooted in the protecting node

Any node reachable through protected link branch does NOT belong to the P-space
Prune branch going through protected link (including ECMP)
Routers B and D constitute the P space
A can reach B and D without going through AC

B and D are candidate PQ/release nodes
BRKRST-3020
Cisco Public
35
Remote LFA
Calculating the Q-space
topology
SPT after pruning

rSPT rooted at C
rSPF
C
pruning
C
Q-space
D
Compute Reverse SPF rooted on link far end router

only one rSPF needed = cheap
Any node reachable through protected link sub-branch is NOT a PQ candidate
Prune branch going through protected link
Routers E and D constitute the Q space
E and D can reach C without going through AC

E and D are candidate PQ/release node
BRKRST-3020
Cisco Public
36
Remote LFA
Calculating the Set of PQ Candidates
Q-space
P-space
topology
PQ candidate is any member of both trees
BRKRST-3020
PQ
candidate
Cisco Public
37
Remote LFA
Extended P-Space
Extended P-space
P-space of each neighbor and the protected link
A
There is an increase of prefix coverage

For example in the square topology
Normally there is no PQ node in the

square topology
With extended P-Space, D becomes a
PQ node for neighbor C
BRKRST-3020
Extended P-Space calculation is not

expensive
Directly Connected LFA makes sure the router
already runs SPF in behalf of each neighbor
Directly Connected LFA is run before Remote LFA
Cisco Public
38
Remote LFA
Square with P-Space
SPT
SPT after pruning

A
A
pruning
SPF
C
topology
A
SPT after pruning

rSPT rooted at B
C
P-space
SPF
Q-space
pruning
A
BRKRST-3020
no intersection
C
C
Cisco Public
39
Remote LFA
Square with Extended P-Space
rSPT rooted at C
SPT after pruning

C
C
topology
A
A
D
B
B
SPT after pruning

rSPT rooted at B
C
Extended
P-space
pruning
SPF
SPF
Q-space
pruning
A
BRKRST-3020
PQ is
router D
C
C
Cisco Public
40
Remote LFA
Notes on Remote LFA
The Tunnel is an LSP
By LDP only
LDP should be enabled everywhere
If not, some prefixes/link might be unprotected
The sw will not take care of excluding those links
In theory, IP-in-IP, GRE, L2TP tunneling is possible

IP tunneling is not supported by us
From forwarding plane point of view, the LSP is indistinguishable from an unprotected TE
tunnel
PQ node protection is link protecting only, not node protecting
PQ node calculations are only executed if there are unprotected paths for protectable
prefixes
No Remote LFA for per-link

BRKRST-3020
Cisco Public
41
Remote LFA
Remote LFA with MPLS
Targetted LDP
Session
PQ
Label Bindings
(IGP prefixes)
A does not find Directly Connected LFA

for link A-C
A initiates Targetted LDP

session to router D
A runs Remote LFA computation and

finds Remote LFA to D (D is chosen PQ
node)
D advertises label bindings to router A

Router A installs prefix in CEF and LFIB
as backup with label from targetted LDP
session
Notes:
Router D is not aware it will be used as PQ node
Targetted LDP acceptance must be enabled on all routers
BRKRST-3020
Cisco Public
42
Remote LFA
Remote LFA with MPLS: Packet Forwarding
IP
IP
Targetted LDP
Session
IP
L1
IP
L3
Router D advertises Label L1 to router A for prefix X

Router A programs imposition of labels { L2 L1 } for prefix X as repair path with NH router B
BRKRST-3020
Cisco Public
43
Tie Breaking
Tie Breaking
There Can Be Only One
Computation provides usually multiple LFAs
Need to select one LFA among multiple candidates for each prefix/path
How tie breaking works:
A set of consecutive rules, by preference
Each rule discards candidates
e.g. rule of node protecting eliminates paths which do not node protect
Scheme stops when one single path remains

If a rule excludes all paths (no path has the attribute), then the rule is skipped
Remaining candidates are distributed among prefixes sharing the protected primary
path (load-sharing)
Remember that an LFA candidate is a neighbor that

passes the LFA inequality
BRKRST-3020
Cisco Public
45
Tie Breaking
Attributes
Attributes
Set of attributes are
ON by default
Order of attributes:
preference value
BRKRST-3020
SRLG
Prefer other Share Link Group
Primary Path
Prefer Primary over Secondary path
Interface Disjoin
Prefer other interface then protected interface
Node protecting
Prefer node over link protecting
Broadcast Interface Disjoin
Prefer Path not using the broadcast segment
Load Sharing
Distribute candidates among prefixes sharing the protected path
Downstream
Prefer the router closer to D than S
Secondary
Prefer scondary over primary
Cisco Public
46
Tie Breaking Example

R1#show ip ospf rib 10.100.1.13
Default Tie Breaking, IOS, OSPF
via 10.1.5.7, Ethernet0/0
primary path
Flags: RIB
LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.3.4, Serial4/0, cost 31
Flags: RIB, Repair, IntfDj, BcastDj, PrimPath , LC Dj, NodeProt, Downstr, LoadShare
LSA: 1/10.100.1.13/10.100.1.13
Flags: Ignore , Repair, IntfDj, BcastDj, LC Dj
10
20
30
40
50
60
70
256
srlg
primary-path
interface-disjoint
lowest-metric
linecard-disjoint
node-protecting
broadcast-interface-disjoint
load-sharing
LSA: 1/10.100.1.13/10.100.1.13
no path has SRLG, so this policy step is skipped
Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath , LC Dj, NodeProt, Downstr, LoadShare
LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.5.6, Ethernet0/0, cost 31
Flags: Ignore, Repair,
path 4 does not have IntfDj attribute
PrimPath , NodeProt, Downstr
paths 1 & 3 have the same cost
LSA: 1/10.100.1.13/10.100.1.13
paths 1 & 3 have the same set of attributes
Flags: Ignore , Repair, IntfDj, BcastDj, LC Dj, NodeProt

LSA: 1/10.100.1.13/10.100.1.13
BRKRST-3020
path 2 & 5 do not have PrimPath (not one of the

ECMP paths)
it comes down to loadshare : one of the

2 paths is chosen
Cisco Public
47
Configuration, Implementation and

Troubleshooting (OSPF, ISIS, EIGRP) in IOS and
IOS-XR
Implementation Notes
Differences apply in implementations
IOS does Per-Prefix LFA only

IOS-XR does Per-Link and Per-Prefix
OSPF versus ISIS
IPv6 is similar to IPv4
Restrictions
Interface types (check www.cisco.com)
Remote LFA is only calculated when Directly Connected LFA does not provide
protection (if there are unprotected paths for protectable prefixes)
Less state
Less tunnels
PQ node protection is link protecting only, not node protecting

BRKRST-3020
Cisco Public
49
Implementation Notes
Per-prefix LFA performance is proportional to nr of neighbors and nr of prefixes
Memory increase
Distance tables
RIB needs to store backup paths
LDP storage increase
Calculation is done in background

Primary SPF always has priority
OSPF
Backup path for the prefix will always be calculated in the same area where primary path exists
Backup path will be of same route type (intra-area, inter-area, external, external-NSSA) and using
same metric type as primary path
IOS-XR: only per-link or per-prefix per interface
ISIS
No FRR SPF results are stored
BRKRST-3020
Cisco Public
50
SRLG
Assigning a Shared Risk Link Group (SRLG) to an Interface
IOS
IOS-XR
interface Ethernet0/0
srlg gid 100
ip address 10.1.5.1 255.255.255.0
BRKRST-3020
srlg
interface GigabitEthernet0/0/4/1
1 value 100
Cisco Public
51
Show IP Route Repair-paths

R1#show ip route repair-paths 10.100.1.13
Routing entry for 10.100.1.13/32

Known via "ospf 1", distance 110, metric 31, type intra area
Last update from 10.1.3.4 on Serial4/0, 2d19h ago
Routing Descriptor Blocks:
* 10.1.5.7, from 10.100.1.13, 2d19h ago, via Ethernet0/0

Route metric is 31, traffic share count is 1
Repair Path: 10.1.2.3, via Serial3/0
10.1.4.5, from 10.100.1.13, 2d19h ago, via Serial5/0
[RPR]10.1.6.8, from 10.100.1.13, 2d19h ago, via Serial6/0
[RPR]10.1.2.3, from 10.100.1.13, 2d19h ago, via Serial3/0
BRKRST-3020
Cisco Public
52
IPFRR and LDP

primary label
R1#show ip route 10.100.1.13
R1#show ip cef 10.100.1.13
10.100.1.13/32
Last update from 10.1.5.7 on Ethernet0/0, 5w4d ago
remote LFA label

no label: there is no
remote label binding
from next-hop
nexthop 10.1.4.5 Serial5/0 label [46|none]

repair: attached-nexthop 10.1.6.8 Serial6/0
nexthop 10.1.5.7 Ethernet0/0 label [43|45]
* 10.1.5.7, from 10.100.1.13, 5w4d ago, via Ethernet0/0
repair: attached-nexthop 10.1.5.6 Ethernet0/0

Repair Path: 10.1.5.6, via Ethernet0/0
45 is label of the repair path

R1#show mpls ldp bind 10.100.1.13 32
10.1.4.5, from 10.100.1.13, 6w0d ago, via Serial5/0
lib entry: 10.100.1.13/32, rev 66
local binding:
remote binding: lsr: 10.100.1.2:0, label: 45
label: 41
label of
primary path
label of
repair path
BRKRST-3020
Cisco Public
53
Remote LFA Implementation Notes

The remote LFA tunnel is an interface
Name is MPLS-Remote-LFA<x>
<x> is always incremented to facilitate debugging
The remote LFA interface is unnumbered to the underlying physical interface

The remote LFA interface is always up
Adjacency changes from drop to non-drop depending in the availability of the transport
label to the tunnel tailend
There are always IPv4 and Tag adjacency for the tunnel
R1#show ip interface brief
Interface
IP-Address
OK? Method Status
Protocol
Ethernet0/0
10.1.5.1
YES NVRAM
up
up
Serial2/0
10.1.1.1
YES NVRAM
up
up
Loopback0
10.100.1.1
YES NVRAM
up
up
MPLS-Remote-Lfa51
10.1.6.1
YES unset
up
up
MPLS-Remote-Lfa52
10.1.5.1
YES unset
up
up
BRKRST-3020
Cisco Public
54
Remote LFA Implementation Notes

Configuration: LDP
LDP must be enabled on the interfaces used by the repair LSP
Directly connected LFA must already be enabled
There are specefic commands to enable remote LFA
FRR-manager on the calculating node will initiate the targetted session to the
chosen PQ node
only when needed, i.e. there will not be targetted LDP sessions to all nodes by default
No remote LFA-specific LDP configuration on PQ node

The PQ node must be configured to accept targeted LDP session from the protecting
node
mpls ldp discovery targeted-hello accept [from <acl>]
BRKRST-3020
Cisco Public
55
OSPF - IOS
Configuration, Implementation and Troubleshooting

OSPF - IOS
Only per-prefix LFA
2 new debug commands

R1#debug ip ospf fast-reroute ?
rib
OSPF FastReroute Routing Information Base (RIB)
spf
OSPF LFA FastReroute SPF
R1#debug ip ospf fast-reroute rib ?

<1-199>
Access list
<1300-2699>
Access list (expanded range)
<cr>
R1#debug ip ospf fast-reroute spf ?

detail
Print more debugging detail
<cr>
BRKRST-3020
Cisco Public
57
OSPF - IOS
What is Stored Extra?
SPFs are run for each neighbor with that neighbor as root!
Full SPFs with N as root are not stored on S
Some info needs to be stored in new tables to be used by partial SPF in between full SPFs
Distance to neighbor
Stored in Per-Neighbor Router Distance Table
Not the distance to all routers in that area needs to be stored
E is the primary
next hop router
N is the protecting
next hop router
D(N,D) < D(N,E) + D(E,D)
D(N,D) equals D(S,D)viaN - D(S,N)
D(N,E) + D(E,D) equals D (N,E) + D(S,D) - D(S,E)
D(S,D)viaN - D(S,N) < D (N,E) + D(S,D) - D(S,E)
Distance from N to D is not needed and hence D(N,D) is not stored

Distance from E to D is not needed and hence not stored
Distance from neighboring routers to the destination is not stored
Distance from N to E is stored
BRKRST-3020
Cisco Public
58
OSPF - IOS
E
What?
Where?
D(S,D) for the prefixes at D
in LRIB as primary path
D(S,D)viaN for the prefixes at D
in LRIB as repair path
D(S,N)
internally (there is no show command to display this)
D(S,E)
internally (there is no show command to display this)
D(N,E)
in Per-Neighbor Router Distance Table (needed by partial SPF)
BRKRST-3020
Cisco Public
E is the primary
next hop router
N is the protecting
next hop router
59
OSPF - IOS
New Storing Elements: Per-Neighbor Tables
What
Where?
Description
Why?
Distance from neighboring

router to neighboring router
Per-Neighbor Router
Distance Table
Distance to ABRs/ASBRs
Per-Neighbor Router
Distance Table
ABR/ASBR info is built from intra-area

and inter-area reachability info and
Type 4 LSAs
Needed by partial
SPF
Distance to Network LSA
Per-Neighbor Network
Distance Table
S needs to know if N has a broadcast

interface back to S and check
inequality 4
Info needed during

partial SPF
Inequality 4: D(N,D) < D(N,PN) +

D(PN,D)
D(N,PN) is stored
External LSA forwarding

address
BRKRST-3020
Per-Neighbor External LSA

Forwarding Address
Distance Table
Needed by partial
SPF when
calculating repair
path (reachability) for
LSA type 5/7
Cisco Public
60
OSPF - IOS
New Storing Elements: Per-Neighbor Tables - Example
R1# show ip os neighbor fast-reroute
| begin ID 10.100.1.2
neighbor N of S
(root of SPF)
Neighbor with Router ID 10.100.1.2:

Reachable over:
D(S,N)
Serial2/0, IP address 10.1.1.2, cost 10
10.100.1.1
[10]
10.100.1.2
[0]
10.100.1.3
[10]
10.100.1.9
[25]
10.100.1.10
[30]
10.100.1.13
[40]
neighbors E of S
with D(N,E)
i 10.100.1.9 [25] via 10.1.1.1, Serial2/0, ASBR, Area 0, SPF 25

i 10.100.1.10 [30] via 10.1.7.3, Serial3/0, ABR, Area 0, SPF 25
i 10.100.1.13 [40] via 10.1.1.1, Serial2/0, ABR/ASBR, Area 0, SPF 25
ABRs/ASBRs with
D(N,ABR/ASBR)
R2#show ip ospf database network
Network LSA distance table:

i
[20]
External LSA forwarding address distance table:

10.200.1.2
equivalent info as show command on router with ID 10.100.1.2

R2#show ip ospf border-routers
Router distance table:
10.1.5.7
S is router R1
N is router R2
[50] via 10.200.1.0/24
i intra-area route
I inter-area route
BRKRST-3020
D(N,PN)
cost from N to DR
LS Type: Network Links

Link State ID: 10.1.5.7 (address of Designated Router)
Advertising Router: 10.100.1.7
Length: 36
Network Mask: /24
Attached Router: 10.100.1.7
R2# show ip route 10.200.1.2

Last update from 10.1.1.1 on Serial2/0, 2d23h ago
* 10.1.1.1, from 10.100.1.13, 2d23h ago, via Serial2/0
Cisco Public
61
OSPF - IOS
Primary and Repair Path in LRIB (Local RIB)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
*>
LSA: type/LSID/originator
10.100.1.13/32, Intra, cost 31, area 0

SPF Instance 44, age 01:05:21
Flags: RIB, HiPrio
primary path
via 10.1.5.7, Ethernet0/0
Flags: RIB
LSA: 1/10.100.1.13/10.100.1.13
repair path via 10.1.5.6, Ethernet0/0, cost 32

Flags: RIB, Repair, NodeProt, Downstr
LSA: 1/10.100.1.13/10.100.1.13
cost = D(S,D)viaN = D(S,N) + D(N,D)

for one prefix
Flags: Ignore, Repair, IntfDj, BcastDj, LC Dj
tie breaker attributes

if SRLG is present =
means equal SRLG value!
LSA: 1/10.100.1.13/10.100.1.13
Flags: Ignore, Repair, IntfDj, BcastDj, PrimPath, LC Dj, NodeProt, Downstr
LSA: 1/10.100.1.13/10.100.1.13
BRKRST-3020
Cisco Public
62
Configuration
IOS - OSPF
OSPF router config mode
[no] fast-reroute per-prefix enable [area <area-id>] prefixpriority {high | low}
N
O
T
E
S
BRKRST-3020
External routes do not belong to any area

To protect externals you MUST have enabled the
command without the area keyword
Enabling low priority means that both high and low
priority prefixes are eligible for protection
Cisco Public
63
Configuration
IOS - OSPF
[no] prefix-priority high route-map <route-map>
N
O
T
E
S
High priority get programmed before low priority in RIB

Route-map match statements:
Routes permitted by the route-map are assigned High priority,

the rest is Low priority
By default if not configured prefixes with /32 mask are High
priority, the rest is Low priority
match tag
match route-type
match ip address
Other match and all set statements
are ignored
BRKRST-3020
Cisco Public
64
Configuration
IOS - OSPF
[no] fast-reroute keep-all-paths
N
O
T
E
S
OSPF to keep in the LRIB all candidate

repair paths which were found during LFA
FRR SPF
For troubleshooting only
Especially when looking at or changing the
tie-breakers
BRKRST-3020
N
O
T
E
S
By default: only best repair path in RIB

Conserves memory
Cisco Public
65
Configuration
IOS - OSPF
Interface config mode
[no] ip ospf fast-reroute per-prefix protection [disable]
N
O
T
E
S
BRKRST-3020
Primary routes pointing to this interface will

not be protected
Cisco Public
66
Configuration
IOS - OSPF
[no] ip ospf fast-reroute per-prefix candidate [disable]
The interface will not be used for repair paths
N
O
T
E
S
LFA SPF optimization:

If interface cannot be used for repair paths then it is not needed to
run SPF with neighbors over this interface as root.
For example: link from a router to stub site
Reduced number of SPF: brings total LFA FRR SPF time down
BRKRST-3020
Cisco Public
67
Configuration
IOS - OSPF
[no] fast-reroute per-prefix tie-break <attribute> [required]
index <priority>
N
O
T
E
S
Supported attributes:
interface-disjoint
srlg
downstream
node-protecting
linecard-disjoint
primary-path
secondary-path
lowest-metric
BRKRST-3020
Keyword required is supported

for all attributes except lowestmetric
If required attribute is missing,
skip the path
Cisco Public
68
For Your
Reference
Default Tie Breaking OSPF - IOS

Tie-Breaker option
Description
Default values
IOS OSPF
Comment
srlg (SRLG)
Prefer LFA not sharing the same Share Link Group
10
Shared risk of links
primary-path (PrimPath)
Prefer primary over secondary path
20
Backup is member of
ECMP set
interface-disjoint (IntfDj)
Prefer path over other interface than protected one
30
lowest-metric (CostWon)
Prefer lower metric
40
The metric of the backup

node to D might be higher
than metric of S to D
linecard-disjoint (LC Dj)
Prefer path using different linecard
50
Different linecard means

also different interface,
hence this is link protecting
node-protecting (NodeProt)
Prefer node protecting over link protecting
60
(BcastDj)
Prefer path not using broadcast segment
70
load-sharing (LoadShare)
Distribute remaining candidates among prefixes sharing

the protected path
255
downstream (Downstr)
Prefer node closer to D than S
secondary-pathBRKRST-3020
Prefer secondary
over
primary
path
2014 Cisco
and/or
its affiliates.
All rights reserved.
Not configurable.
This is the catch-at-the-end
policy
Disabled by default
Cisco Public-
Disabled by default
69
Default Tie Breaking OSPF - IOS

router ospf 1
not enabled specifically for one area, so

IPFRR includes the AS external prefixes
fast-reroute per-prefix enable prefix-priority low

fast-reroute keep-all-paths
enabled for troubleshooting purposes
R1#show ip ospf fast-reroute

Loop-free Fast Reroute protected prefixes:
Area
Topology name
Priority
Remote LFA Enabled
Base
Low
No
AS external
Base
Low
Repair path selection policy tiebreaks (built-in default policy):

10
srlg
20
primary-path
30
interface-disjoint
40
lowest-metric
50
linecard-disjoint
60
node-protecting
70
256
AS external: this only shows if IPFRR is not

enabled for only area(s)
priority low indicates that low and high
priority prefixes are protected
downstream is not present by default

configuring tie-breakers removes the defaults!
load-sharing
Last SPF calculation started 5d13h ago and was running for 11 ms.
BRKRST-3020
Cisco Public
70
IPFRR Statistics for OSPF

R1#show ip ospf fast-reroute prefix-summary
Area 0:
Interface
Protected
Primary paths
Protected paths Percent protected
All
High
Low
All
High
Low
All High
Low
Se6/0
Yes
40% 100%
0%
Se5/0
Yes
25%
40%
0%
Se4/0
Yes
10
40%
66%
0%
Se3/0
Yes
0%
0%
0%
Se2/0
Yes
66% 100%
0%
Et0/0
Yes
11
27%
50%
0%
Area total:
37
21
16
13
13
35%
61%
0%
Process total:
37
21
16
13
13
35%
61%
BRKRST-3020
Coverage in percentage
Per area
Per interface
High - low
Cisco Public
71
Troubleshooting Remote LFA

Interface
IP-Address
OK? Method Status
Protocol
Ethernet0/0
10.1.5.1
YES manual up
up
Loopback0
10.100.1.1
YES manual up
up
MPLS-Remote-Lfa4
10.1.5.1
YES unset
up
up
MPLS-Remote-Lfa5
10.1.4.1
YES unset
up
up
MPLS-Remote-Lfa6
10.1.4.1
YES unset
up
up
R1#show ip ospf fast-reroute
Loop-free Fast Reroute protected prefixes:
Area
Topology name
Priority
Remote LFA Enabled
Base
High
Yes
Repair path selection policy tiebreaks:

10
secondary-path
20
node-protecting
256
priority low would indicate that high

and low priority prefixes are protected
load-sharing
Last SPF calculation started 00:07:40 ago and was running for 37 ms.
BRKRST-3020
Cisco Public
72

R1#show ip ospf fast-reroute remote-lfa tunnels
Interface MPLS-Remote-Lfa4
Tunnel type: MPLS-LDP
Tailend router ID: 10.100.1.11
Termination IP address: 10.100.1.11
Outgoing interface: Ethernet0/0
First hop gateway: 10.1.5.6
there can be multiple next hops here

as one remote LFA/tunnel can protect
multiple next hops/interfaces
Tunnel metric: 21
Protects:
10.1.4.5 Serial5/0, total metric 31
Interface MPLS-Remote-Lfa5
2 remote LFAs to the same PQ node: there

are 2 distinct paths to reach the PQ node;
different neighbors are protected
One tunnel cannot protect both next hops,
as the tunnel protecting one next hop uses
the other protected next hop as outgoing
interface
Tunnel type: MPLS-LDP

Tailend router ID: 10.100.1.11
Termination IP address: 10.100.1.11
Outgoing interface: Serial5/0
First hop gateway: 10.1.4.5

Tunnel metric: 20
Protects:
10.1.5.6 Ethernet0/0, total metric 30
BRKRST-3020
Cisco Public
73

R1#sh ip ro 10.100.1.5
Last update from 10.1.4.5 on Serial5/0, 01:38:12 ago
* 10.1.4.5, from 10.100.1.5, 01:38:12 ago, via Serial5/0
Repair Path: 10.100.1.11, via MPLS-Remote-Lfa4

*>
10.100.1.5/32, Intra, cost 11, area 0

SPF Instance 81, age 1d17h
Flags: RIB, HiPrio

via 10.1.4.5, Serial5/0
Flags: RIB
LSA: 1/10.100.1.5/10.100.1.5
repair path via 10.100.1.11, MPLS-Remote-Lfa4, cost 31
Flags: RIB, Repair, IntfDj, BcastDj, LC Dj, LoadShare
LSA: 1/10.100.1.5/10.100.1.5
BRKRST-3020
MPLS-Remote-LFA4 was choosen because

MPLS-Remote-LFA5 goes over Serial5/0, the
protected link
Cisco Public
74

Interface
IP-Address
MPLS-Remote-Lfa4
10.1.5.1
MPLS-Remote-Lfa5
10.1.4.1
OK? Method Status

YES unset up
YES unset up
Protocol
up
up
R1#sh mpls ldp ne 10.100.1.11

Peer LDP Ident: 10.100.1.11:0; Local LDP Ident 10.100.1.1:0
TCP connection: 10.100.1.11.43185 - 10.100.1.1.646
State: Oper; Msgs sent/rcvd: 72/72; Downstream
Up time: 00:28:54
LDP discovery sources:
targetted
Targeted Hello 10.100.1.1 -> 10.100.1.11, active
Addresses bound to peer LDP Ident:
10.1.13.11
10.1.18.11
10.1.14.11
10.100.1.11
R1#sh mpls ldp discovery

Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.100.1.6:0
Serial6/0 (ldp): xmit
Targeted Hellos:
10.100.1.1 -> 10.100.1.11 (ldp): active, xmit/recv
LDP Id: 10.100.1.11:0
BRKRST-3020
LDP session
The Targetted LDP Session could be set up

either by configuration or the FRR Manager
targetted LDP session

Cisco Public
75
For Your
Reference

primary label
remote LFA label
R1#show ip cef 10.100.1.5 detail

10.100.1.5/32, epoch 0
local label info: global/33
nexthop 10.1.4.5 Serial5/0 label [implicit-null|37]
repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4
nexthop 10.100.1.11 MPLS-Remote-Lfa4, repair
NH is remote LDP router-ID

R1#show mpls ldp bindings 10.100.1.5 32
lib entry: 10.100.1.5/32, rev 50
local binding: label: 33
remote binding: lsr: 10.100.1.5:0, label: imp-null
Broken example
R1#show ip cef 10.100.1.5
10.100.1.5/32
nexthop 10.1.4.5 Serial5/0 label [implicit-null|none]
remote LFA label received from the PQ

node over the targetted session
no remote LFA label: there is something
wrong, like no targetted LDP session to PQ
node
repair: attached-nexthop 10.100.1.11 MPLS-Remote-Lfa4

BRKRST-3020
Cisco Public
76
Troubleshooting LFA
R1#show ip ospf fast-reroute prefix-summary
coverage is not 100% (for the

high priority prefixes)
Area 0:
Interface
Protected
Primary paths
Protected paths Percent protected
All
High
Low
All
High
Low
All High
Low
Se6/0
Yes
11
9%
20%
0%
36%
80%
0%
Se5/0
Yes
33%
50%
0%
44%
66%
0%
Se4/0
Yes
57% 100%
0%
57% 100%
0%
Se3/0
Yes
0%
0%
0%
0%
0%
0%
Se2/0
Yes
0%
0%
0%
0%
0%
0%
Et0/0
Yes
33%
50%
0%
44%
66%
0%
Area total:
37
22
15
11
11
29%
50%
0%
43%
72%
0%
Process total:
37
22
15
11
11
29%
50%
0%
43%
72%
0%
# paths: counted as prefixes with unique path

so a prefix with 2 next hops in the RIB is counted as 2 paths
BRKRST-3020
difference : Remote LFA enabled
Cisco Public
77
Coverage is not 100%

It is not guaranteed to be 100%
Perhaps LFA is enabled for one OSPF area only
This excludes the other areas
This excludes all external prefixes
Perhaps LFA is only enabled for the high priority prefixes

Remote LFA
Some destinations can be behind routers without LDP enabled
Targetted LDP session can be down
Perhaps mpls ldp discovery targeted-hello accept [from <acl>] was forgotten
BRKRST-3020
Cisco Public
78
For Your
Reference
Debug IP OSPF Fast-Reroute SPF Detail

A major change in the network causes OSPF to run a full SPF and FRSPF
OSPF-1 INTRA: Running SPF for area 0, SPF-type Full
Normal full SPF

Adding router LSAs and building SPT
Adding summaries, externals, etc.
OSPF-1 FRSPF: Scheduling IPFRR SPF, change 'X', area dummy area, instance 440
...
OSPF-1 FRSPF: Create list of candidate neighbors for intra SPF in area 0
OSPF-1 FRSPF: Adding neighbor 10.100.1.8 via Serial6/0 to SPF work queue
OSPF-1 FRSPF: Adding neighbor 10.100.1.7 via Ethernet0/0 to SPF work queue
...
Start of FRSPF
The neighbors of the

calculating router for which
rSPf will be run
OSPF-1 FRSPF: Intra-area calcualtion for neighbor 10.100.1.7 in area 0
rSPF for one neighbor
OSPF-1 FRSPF: Add router 10.100.1.7 to P-space via neighbor 10.100.1.7

OSPF-1 FRSPF:
Adding first hop via 10.1.5.7 Ethernet0/0
...
RmtLFA is enabled: extended

P-space is built as well
P legs are stored in the remote
LFA tree
BRKRST-3020
Cisco Public
79
For Your
Reference
Debug IP OSPF Fast-Reroute SPF Detail

OSPF-1 FRSPF: Starting RmtLFA scan
Start RmtLFA scan
OSPF-1 FRSPF: Need RmtLFA tunnel for primary gateway 10.1.1.2

Serial2/0 in area 0 due to unprotected 10.1.7.0/24
...
Neighbors for which there is at least one

unprotected prefix: remote LFA will be
checked (but not necessarily found) for
these neighbors
OSPF-1 FRSPF: RmtLFA starting rSPF in area 0
Start rSPF for RmtLFA
OSPF-1 FRSPF: Intra-area reverse SPF calcualtion for neighbor

10.100.1.6 in area 0
Run rSPF for each of the next-hops,

with the next-hop as root
OSPF-1
OSPF-1
20/30,
OSPF-1
FRSPF: Found router 10.100.1.11 in Q-space of gateway 10.1.5.6 Eth0/0

FRSPF:
protecting via 10.1.4.5 Serial5/0 with tunnel/total cost
flags (Repair, IntfDj, BcastDj, SRLG, LC Dj)
FRSPF:
currently best known tunnel
Found Q leg
Trying to match P legs and Q
legs, resulting in PQ nodes
OSPF-1 FRSPF: Place tunnels in area 0
Tunnels are placed to PQ nodes
%LDP-5-NBRCHG: LDP Neighbor 10.100.1.13:0 (3) is UP
One or more Targetted LDP neighbors come up
BRKRST-3020
Cisco Public
80
ISIS - IOS
Configuration
IOS - ISIS
ISIS router config mode
fast-reroute per-prefix <level> {[all] | [route-map map-tag]}
N
O
T
E
S
BRKRST-3020
Supported route-map match commands

match ip address <access-list>
match tag <tag-number>
match interface <interface-name>
match ip nexthop <access-list>
Cisco Public
82
Configuration
IOS - ISIS
isis fast-reroute protection <level> disable
N
O
T
E
S
enables or disables the interface for

protection
BRKRST-3020
isis fast-reroute candidate <level> disable
N
O
T
E
S
disables using the interface

<interface> for repair path
Cisco Public
83
Configuration
IOS - ISIS
isis fast-reroute exclude <level> interface <interface-B>
N
O
T
E
S
BRKRST-3020
prevent an interface B from being

selected as LFA for any destination
whose primary next hop is via
interface A (interface on which the
command is configured)
Cisco Public
84
Troubleshooting ISIS-IOS
router#show isis fast-reroute summary
Load for five secs: 2%/0%; one minute: 1%; five minutes: 1%
Time source is hardware calendar, *09:38:52.670 UTC Mon Nov 25 2013
Tag one:
IPv4 Fast-Reroute Protection Summary:
Prefix Counts:
Total
Protected
Coverage
High priority:
0%
Normal priority:
16
12
75%
Total:
16
12
75%
BRKRST-3020
Cisco Public
85
Default Tie Breaking ISIS- IOS

show run all shows all
default commands
show run all | in tie-break
fast-reroute tie-break level-1 linecard-disjoint 40

fast-reroute tie-break level-1 lowest-backup-path-metric 30
fast-reroute tie-break level-1 node-protecting 50
fast-reroute tie-break level-1 srlg-disjoint 10
fast-reroute tie-break level-1 primary-path 20
fast-reroute
BRKRST-3020
load-sharing level-1 disable
Cisco Public
86
For Your
Reference
Default Tie Breaking ISIS - IOS

Tie-Breaker option
Description
Default values
IOS ISIS
Comment
Srlg (SRLG)
10
20
Backup is member of
ECMP set
lowest-backup-path-metric
Prefer lower metric
30

40

50

the protected path
255
Downstream (Downstr)
Disabled by default
secondary-path
Prefer secondary over primary path
Disabled by default
BRKRST-3020
Cisco Public
Not configurable.
policy
87
router#show isis rib 10.1.100.7 255.255.255.255
IPv4 local RIB for IS-IS process one
IPV4 unicast topology base (TID 0, TOPOID 0x0) =================

Repair path attributes:
DS - Downstream, LC - Linecard-Disjoint, NP - Node-Protecting
PP - Primary-Path, SR - SRLG-Disjoint
10.1.100.7/32
[115/L1/20] via 10.1.5.7(GigabitEthernet1/4), from 10.1.100.7, tag 0, LSP[6/17]
(installed)
repair path: 10.1.6.7(GigabitEthernet1/5) metric:20 (PP,DS,SR) LSP[6]
repair path attributes
[115/L1/20] via 10.1.6.7(GigabitEthernet1/5), from 10.1.100.7, tag 0, LSP[6/17]

(installed)
repair path: 10.1.5.7(GigabitEthernet1/4) metric:20 (PP,DS,SR) LSP[6]
BRKRST-3020
Cisco Public
88
router#show isis fast-reroute interfaces
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
Time source is hardware calendar, *10:00:36.834 UTC Mon Nov 25
2013
Tag one - Fast-Reroute Platform Support Information:

GigabitEthernet1/9: Protectable: Yes. Usable for repair: Yes
BRKRST-3020
This CLI shows whether or not an

interface is supported by the
platform.
An interface may still not be
protected or usable for repair due
to configuration setting
Cisco Public
89
debug isis fast-reroute path-selection
show isis fast-reroute remote-lfa tunnels
router#debug isis fast-reroute path-selection ?

<1-199>
Access list of prefixes
<1300-2699>
Access list (expanded range)
level-1
Apply to Level 1
level-2
Apply to Level 2
terse
Minimal fast-reroute path selection debug
Limit output by using ACL when

debugging
fSPF runs
500 ms after SPF
per-level
<cr>
BRKRST-3020
Cisco Public
90
router#
10:13:04.914: ISIS-SPF (one): L1 LSP 6 (0000.0000.0007.00-00) flagged for recalculation from 96EB874
10:13:06.914: ISIS-SPF (one): LSP 6 (0000.0000.0007.00-00) Type STD
10:13:06.914: ISIS-SPF (one): spf_result: next_hop_parents:0x14157A48 root_distance:10, parent_count:1, parent_index:1 db_on_paths:1
10:13:06.914: ISIS-SPF (one): Calculating routes for L1 LSP 6 (0000.0000.0007.00-00)
10:13:06.914: ISIS-SPF (one): lsptype:0, current_lsp(0000.0000.0007.00-00)(6)
isis_walk_lsp
current_lsp:0x20CD10B8, lsp_fragment:0x20CD10B8 calling
10:13:06.914: ISIS-SPF (one): Aging L1 LSP 6 (0000.0000.0007.00-00), version 20

10:13:06.914: ISIS-fSPF (one): SPF/PRC done.
Start frr timer. Level 1
10:13:07.114: ISIS-SPF (one): L1 LSP 1 (0000.0000.0003.00-00) flagged for recalculation from 96EB874
500 ms
10:13:07.414: ISIS-fSPF (one): FRR timer for level 1, mtid 0 expired
BRKRST-3020
Cisco Public
91
router#show ip route repair-paths 10.1.100.2

Known via "isis", distance 115, metric 20, type level-1
Redistributing via isis one
Last update from 10.1.12.2 on GigabitEthernet1/9, 00:01:10 ago
* 10.1.12.2, from 10.1.100.2, 00:01:10 ago, via GigabitEthernet1/9
Repair Path: 10.1.100.6, via MPLS-Remote-Lfa1
[RPR]10.1.100.6, from 10.1.100.2, 00:01:10 ago, via MPLS-Remote-Lfa1

PQ router
router#show isis fast-reroute remote-lfa tunnels
Tag one - Fast-Reroute Remote-LFA Tunnels:
MPLS-Remote-Lfa1: use Gi1/4, nexthop 10.1.5.7, end point 10.1.100.6
BRKRST-3020
Cisco Public
92
OSPF IOS-XR
OSPF IOS-XR
Per-link LFA: nothing
Per-prefix LFA
Per neighbor distance table
Distance from neighbor to all other routers in the area
Distance to ASBRs (pocessing Type-4 LSAs)
IPFRR SPFs run 500 ms after regular SPF

BRKRST-3020
Cisco Public
94
Show Route
RP/0/RP1/CPU0:MeltDown#show route
Tue Nov 12 18:22:22.174 CET
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G
- DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path

Gateway of last resort is 10.48.32.1 to network 0.0.0.0
O E2 1.1.1.1/32 [110/0] via 10.1.2.7, 00:08:34, GigabitEthernet0/0/4/0 (!)

[110/20] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3
O
10.1.8.0/24 [110/2] via 10.1.7.4, 00:31:10, GigabitEthernet0/0/4/2
10.1.9.0/24 [110/3] via 10.1.7.4, 00:08:34, GigabitEthernet0/0/4/2

[110/0] via 10.1.11.3, 00:08:34, GigabitEthernet0/0/4/3 (!)
BRKRST-3020
Cisco Public
95
Configuration
IOS-XR - OSPF
OSPF interface config mode
[no] fast-reroute {per-link|per-prefix}
[no] fast-reroute per-prefix exclude interface {interface-name}
[no] fast-reroute per-prefix lfa-candidate interface {interface-name}
used for allowing TE tunnel (explicit-path)
other interface types are by default on the lfa-candidate list
[no] fast-reroute per-prefix use-candidate-only
BRKRST-3020
Cisco Public
96
Configuration
IOS-XR - OSPF
[no] fast-reroute per-prefix load-sharing disable
[no] fast-reroute per-prefix priority-limit [critical|high|medium]
same or higher priority only will be calculated
[no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index <value>

[no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp
[no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295>
[no] fast-reroute {per-prefix|per-link} use-candidate-only
BRKRST-3020
Cisco Public
97
Configuration
IOS-XR - OSPF
OSPF interface config mode
[no] fast-reroute per-link lfa-candidate interface {interface-name}
[no] fast-reroute per-link use-candidate-only

[no] fast-reroute per-link priority-limit [critical|high|medium]
BRKRST-3020
Cisco Public
98
LFA -Candidates
IOS-XR - OSPF
router ospf ldg
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.2/32 backup-path detail
fast-reroute per-prefix
fast-reroute per-prefix use-candidate-only enable
OSPF Route entry for 10.1.100.2/32
address-family ipv4 unicast
Route type:
area 0
Intra-area
Last updated: Jan
mpls traffic-eng
Area: 0.0.0.0,
interface Loopback0
SPF priority: 4,
network point-to-point
RIB version: 0,
6 13:05:44.837
Metric: 3
SPF version: 42
Source: Unknown
10.1.2.7, from 10.1.100.2, via GigabitEthernet0/0/4/0, path-id 1
interface tunnel-te3
Backup path:
cost 3
10.1.100.2, from 10.1.100.2, via tunnel-te3, protected bitmap 0x1
Attribues: Metric: 4, Downstream, Node Protect, SRLG Disjoint
interface GigabitEthernet0/0/4/0
network point-to-point
fast-reroute per-prefix lfa-candidate interface tunnel-te3

BRKRST-3020
Cisco Public
99
For Your
Reference
Default Tie Breaking OSPF IOS-XR
0 = not considered
Tie-Breaker option
Description
node-protecting
Default values
IOS-XR OSPF
40
lc-disjoint
30
lowest-backup-metric
Prefer lower metric
20
primary-path
10
Downstream
SRLG-disjoint
Prefer LFA not sharing the same Share Link

Group
secondary-path
Distribute remaining candidates among

prefixes sharing
theand/or
protected
2014 Cisco
its affiliates. path
All rights reserved.
BRKRST-3020
Comment
255
Cisco Public
Different linecard means also

different interface, hence this
is link protecting
Prefer primary over

secondary path
Can be disabled
100
Troubleshooting OSPF-IOS-XR
RP/0/RP1/CPU0:MeltDown#show ospf
IPFRR per-prefix tiebreakers:

Name
Index
No Tunnel (Implicit)
255
Node Protection
40
Line-card Disjoint
30
Lowest Metric
20
Primary Path
10
Downstream
Secondary Path
SRLG Disjoint
Default or configured tie breakers
Area BACKBONE(0)
Number of interfaces in this area is 4

SPF algorithm executed 24 times
Number of LSA 12.
Checksum Sum 0x045507
Flood list length 0

Number of LFA enabled interfaces 3, LFA revision 29
Number of Per Prefix LFA enabled interfaces 3
Number of neighbors forming in staggered mode 0, 2 full
BRKRST-3020
Cisco Public
101
Per-link LFA
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.7/32 backup-path
O
10.1.100.7/32, metric 2 area 0.0.0.0

Backup path:
10.1.11.3, from 10.1.100.7, via GigabitEthernet0/0/4/3, protected bitmap 0x3
Attribues: Metric: 0,
RP/0/RP1/CPU0:MeltDown#show cef 10.1.100.7/32

10.1.100.7/32, version 315068, internal 0x4004001 (ptr 0x9da3fa88) [1], 0x0 (0x9d482838), 0x450 (0x9e31e1d0)
Updated Nov 12 15:37:48.304
remote adjacency to GigabitEthernet0/0/4/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 10.1.2.7, GigabitEthernet0/0/4/0, 6 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 0 bkup-idx 2 NHID 0x0 [0x9e18c554 0x9e18c880]

next hop 10.1.2.7
local label 16005
labels imposed {ImplNull}
via 10.1.11.3, GigabitEthernet0/0/4/3, 6 dependencies, weight 0, class 0, backup [flags 0x300]

path-idx 2 NHID 0x0 [0x9d772184 0x0]
next hop 10.1.11.3
remote adjacency
local label 16005

BRKRST-3020
labels imposed {30}

Cisco Public
102
RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6/32 detail
Routing Descriptor Blocks
10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, Backup
Route metric is 0
Label: None
Tunnel ID: None

Extended communities count: 0
Path id:33
Path ref count:1
NHID:0x0(Ref:0)
10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2, Protected
Route metric is 3
Label: None
Tunnel ID: None

Extended communities count: 0
Path id:1
Path ref count:0
NHID:0x0(Ref:0)
Backup path id:33
Route version is 0xa6 (166)
Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (6) SVD Type RIB_SVD_TYPE_LOCAL
BRKRST-3020
Cisco Public
103
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 detail
OSPF Route entry for 10.1.100.6/32
Route type:
Intra-area
Last updated: Nov 12 15:12:21.852

Area: 0.0.0.0,
SPF priority: 4,
RIB version: 0,
Metric: 3
SPF version: 40043
Source: Unknown
10.1.7.4, from 10.1.100.7, via GigabitEthernet0/0/4/2
RP/0/RP1/CPU0:MeltDown#show ospf routes 10.1.100.6/32 backup-path

Codes: O - Intra area, O IA - Inter area
O E1 - External type 1, O E2 - External type 2
O N1 - NSSA external type 1, O N2 - NSSA external type 2
O
10.1.100.6/32, metric 3 area 0.0.0.0

Backup path:
10.1.1.7, from 10.1.100.7, via GigabitEthernet0/0/4/1, protected bitmap 0x1
Attribues: Metric: 2, Downstream, Node Protect, SRLG Disjoint
BRKRST-3020
Cisco Public
104
RP/0/RP1/CPU0:MeltDown#show ospf statistics fast-reroute

ospf_show_stats_ipfrr
OSPF 1 IPFRR Statistics:

Number of paths:
16
Number of paths enabled for protection :
16 (100%)
Number of paths protected:
13 (81%)
BRKRST-3020
Cisco Public
105
Per Neighbor Distance Table

RP/0/RP1/CPU0:MeltDown#show ospf 1 fast-reroute topology 10.1.100.7
Neighbor topology
OSPF Router with ID (10.1.100.1) (Process ID 1)

IPFRR Topology for Node 10.1.100.7, Area 0 , LFA revision 42
Node-ID
Distance
Type
Revision
10.1.100.1
42
10.1.100.2
42
10.1.100.3
42
10.1.100.4
42
10.1.100.5
42
10.1.100.6
42
10.1.100.7
42
BRKRST-3020
is not stored for per-link LFA
ASBR
Cisco Public
106
Remote Backup
RP/0/RP1/CPU0:MeltDown#show route 10.1.100.6
Known via "isis one", distance 115, metric 20, type level-1
Installed Dec
3 08:29:26.036 for 04:29:19

Route metric is 20
10.1.11.3, from 10.1.100.6, via GigabitEthernet0/0/4/3, Backup (remote)
Remote LFA is 10.1.100.5
Route metric is 0
No advertising protos.
BRKRST-3020
Cisco Public
107
Remote Backup
RP/0/RP1/CPU0:MeltDown# show mpls ldp forwarding fast-reroute
Codes:
- = GR label recovering, (!) = LFA FRR pure backup path
{} = Label stack with multi-line output for a routing path
G = GR, S = Stale, R = Remote LFA FRR backup
Prefix
Label
Label(s)
Outgoing
In
Out
Interface
Next Hop
Flags
G S R
---------------- ------- -------------- ------------ ------------------- ----10.1.100.2/32

10.1.100.6/32
16001
16004
16001
Gi0/0/4/1
10.1.1.7
27
Gi0/0/4/3
10.1.11.3
37
Gi0/0/4/2
10.1.7.4
{ 29
Gi0/0/4/3
10.1.11.3
16007 }
(!)
(!)
MPLS tunnel to
10.1.100.5
(10.1.100.5)
mpls ldp discovery targeted-hello accept

BRKRST-3020
Cisco Public
108
Debugging IPFRR in OSPF

debug ospf <name> trace detail ipfrr
very chatty!
redirect output to file
show ospf trace all | in ipfrr
BRKRST-3020
Cisco Public
109
ISIS IOS-XR
Configuration
IOS-XR - ISIS
ISIS interface config mode
[no] fast-reroute {per-link|per-prefix}
[no] fast-reroute per-prefix exclude interface {interface-name}
[no] fast-reroute per-prefix lfa-candidate interface {interface-name}
used for allowing TE tunnel (explicit-path)
[no] fast-reroute per-prefix level {1-2}
BRKRST-3020
Cisco Public
111
Configuration
IOS-XR - ISIS
[no] fast-reroute per-prefix load-sharing disable
same or higher priority only will be calculated
[no] fast-reroute per-prefix use-candidate-only

[no] fast-reroute per-prefix tiebreaker {downstream|lc-disjoint|lowest-backupmetric|lowest-backup-metric|primary-path|secondary-path} index <value>
[no] fast-reroute per-prefix remote-lfa tunnel mpls-ldp
[no] fast-reroute per-prefix remote-lfa maximum-cost <1-4294967295>
BRKRST-3020
Cisco Public
112
Configuration
IOS-XR - ISIS
ISIS interface config mode
[no] fast-reroute per-link lfa-candidate interface {interface-name}
[no] fast-reroute per-link exclude {interface-name}
[no] fast-reroute per-link level {1-2}

[no] fast-reroute per-link priority-limit [critical|high|medium]
[no] fast-reroute per-link use-candidate-only
BRKRST-3020
Cisco Public
113
Troubleshooting ISIS-IOS-XR
RP/0/RP1/CPU0:MeltDown#show route isis
i L1 10.1.100.2/32 [115/30] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3
(!) - FRR Backup path
i L1 10.1.100.3/32 [115/10] via 10.1.11.3, 17:00:42, GigabitEthernet0/0/4/3

(!) - FRR Backup path
RP/0/RP1/CPU0:MeltDown# show route 10.1.100.3

Known via "isis one", distance 115, metric 10, type level-1
10.1.2.7, from 10.1.100.3, via GigabitEthernet0/0/4/0, Backup

Route metric is 0
Route metric is 10
No advertising protos.
BRKRST-3020
Cisco Public
114
RP/0/RP1/CPU0:MeltDown#show isis fast-reroute detail 10.1.100.7/32
IS-IS one IPv4 Unicast FRR backups
Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1)

df - level 1 default (closest attached router), su - summary null
C - connected, S - static, R - RIP, B - BGP, O - OSPF
E - EIGRP, A - access/subscriber
i - IS-IS (redistributed from another instance)
D - Downstream, LC - Line card disjoint, NP - Node protecting
P - Primary path, SRLG - SRLG disjoint, TM - Total metric via backup

L1 10.1.100.7/32 [20/115] medium priority
via 10.1.2.7, GigabitEthernet0/0/4/0, replanet
No FRR backup
via 10.1.1.7, GigabitEthernet0/0/4/1, replanet
FRR backup via 10.1.2.7, GigabitEthernet0/0/4/0, replanet

P: Yes, TM: 20, LC: No, NP: No, D: Yes, SRLG: No
src replanet.00-00, 10.1.100.7
L2 adv [20] native, propagated
BRKRST-3020
Cisco Public
115
RP/0/RP1/CPU0:MeltDown#show isis fast-reroute 10.1.100.6/32 detail
Tue Dec
3 08:32:32.245 CET
L1 10.1.100.6/32 [20/115] medium priority

via 10.1.7.4, GigabitEthernet0/0/4/2, stalin
Remote FRR backup via abigor [10.1.100.5], via 10.1.11.3, GigabitEthernet0/0/4/3 kechance
P: No, TM: 30, LC: No, NP: No, D: No, SRLG: Yes
src burke.00-00, 10.1.100.6
Remote FRR
Backup path
Targetted LDP session to

this LDP router
BRKRST-3020
Cisco Public
116
RP/0/RP1/CPU0:MeltDown#show isis fast-reroute summary
IS-IS one IPv4 Unicast FRR summary
Critical
High
Medium
Low
Total
Priority
Priority
Priority
Priority
All paths protected
10
14
Some paths protected
Unprotected
Protection coverage
0.00%
0.00%
66.67%
83.33%
77.78%
Prefixes reachable in L1
BRKRST-3020
Cisco Public
117
RP/0/RP1/CPU0:MeltDown#debug isis spf frr ?
A.B.C.D/length
IPv4 Network to filter debug output on
X:X::X/length
IPv6 Network to filter debug output on
detail
Detail operation of the algorithm on each node
internal
Show internal IS-IS debug(cisco-support)
level
Filter IS-IS debug by level
lsp-id
Filter IS-IS debug by LSP ID
prefix-list
Filter IS-IS debug by prefix list
summary
Overview of route calculation events without detailing results
thread
Filter IS-IS debug by thread(cisco-support)
topology
Filter IS-IS debug by topology
tracepoint
Filter by Tracepoint ID(cisco-support)
verbose
Detail each prefix
<cr>
BRKRST-3020
Cisco Public
118
For Your
Reference
Default Tie Breaking ISIS IOS-XR

Tie-Breaker option
Description
Default values
IOS-XR ISIS
Comment
10
Backup is member of
ECMP set
Prefer lower metric
20

30

40

the protected path
255
Srlg (SRLG)
Disabled by default
Downstream (Downstr)
Disabled by default
secondary-path
Disabled by default
BRKRST-3020
Cisco Public
Not configurable.
policy
119
Configuration
Microloop Avoidance
Both OSPF
& ISIS
Microloop avoidance turned on for rLFA protected prefixes by default!
OSPF router/ISIS router AF config mode
Both IOS &

IOS-XR
[no] microloop avoidance [protected]

Only for routes which have repair paths. It is recommended to have
this keyword when microloop avoidance is enabled manually (i.e. when
router does not have the Remote LFA enabled)
[no] microloop avoidance rib-update-delay <delay>

Delay in milliseconds; default is 5 seconds
debug isis microloop-avoidance [ level-1 | level-2]

BRKRST-3020
Cisco Public
120
Deployment
A mix of routers with difference in speed, leads to slower/faster reaction to
network events
Can lead to micro-loops
BRKRST-3020
Cisco Public
121
EIGRP
Only Per-Prefix LFA
EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the successor and
feasible successors
Uses existing Feasible Successors for repair paths, so no additional computational load
New: repair route is ready
Automatically enabled on all interfaces covered by the protocol
Repair paths can be equal or unequal cost (though variance command)
Coverage is not necessarily 100%
Design the network to have Feasible Successors
metric calculation (BW and delay only)
10 7
metric
delays * 256
min bandwidth
BRKRST-3020
Cisco Public
122
EIGRP
kechance#show ip eigrp topology 10.1.100.1 255.255.255.255
EIGRP-IPv4 VR(one) Topology Entry for AS(1)/ID(10.1.100.3) for 10.1.100.1/32

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1376256, RIB is 10752
Descriptor Blocks:
10.1.11.1 (GigabitEthernet1/10), from 10.1.11.1, Send flag is 0x0
Composite metric is (1376256/131072), route is Internal
Feasibility Condition (loopfree) = Reported

Distance (RD) by neighbor is lower than Feasible
Distance (FD)
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 11000000 picoseconds
Reliability is 255/255
Load is 1/255
successor
Minimum MTU is 1500

Hop count is 1
Originating router is 10.1.100.1
10.1.5.7 (GigabitEthernet1/4), from 10.1.5.7, Send flag is 0x0
Composite metric is (1376583/131399), route is Internal

Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 11005000 picoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1000
feasible successor
Hop count is 2
+ repair path
Originating router is 10.1.100.1
BRKRST-3020
Cisco Public
123
Configuration
IOS - EIGRP
EIGRP router config mode
[no] fast-reroute load-sharing disable
[no] fast-reroute per-prefix {all|route-map}

[no] fast-reroute per-prefix tiebreak {lowest-backup-path-metric|interfacedisjoint|linecard-disjoint |srlg-disjoint} <priority number>
router eigrp one
!
address-family ipv4 unicast autonomous-system 1
!
topology base
fast-reroute per-prefix all
exit-af-topology
network 10.0.0.0
BRKRST-3020
Cisco Public
124
Troubleshooting
IOS - EIGRP
debug eigrp frr
show ip eigrp topology frr

router#show ip eigrp topology frr
EIGRP-IPv4 VR(one) Topology Table for AS(1)/ID(10.1.100.3)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.1.100.1/32, 1 successors, FD is 1376256
via 10.1.11.1 (1376256/131072), GigabitEthernet1/10
via 10.1.5.7 (1376583/131399), GigabitEthernet1/4, [LFA]
BRKRST-3020
Cisco Public
125
For Your
Reference
Default Tie Breaking EIGRP IOS
Tie-Breaker option
Description
Default values
IOS OSPF
Comment
srlg (SRLG)
10
interface-disjoint (IntfDj)
Prefer path over other interface than protected one
20
Prefer lower metric
30

40

BRKRST-3020
Cisco Public
126
Troubleshooting Roundup
LFA coverage is not always 100%
Perhaps LFA is only enabled for one OSPF area only
LFA is by default only for the high priority prefixes

Remote LFA coverage is not always 100%
Some destinations can be behind routers without LDP enabled

Targetted LDP session can be down
Perhaps mpls ldp discovery targeted-hello accept [from <acl>] was forgotten
Perhaps LFA is not enabled for external prefixes
Check coverage with fast-reroute summary commands

Enable fast-reroute keep-all-paths in IOS in order to easily compare the path attributes
Use show commands (IOS or IOS-XR equivalent commands)
show ip route <prefix>

show ip route repair <prefix>
show ip ospf rib <prefix>
Show ip cef <prefix>
check CEF table for backup path and MPLS labels
Use debug commands

BRKRST-3020
Cisco Public
127
Conclusion
Conclusion
Its simple
Simple CLI, simple functionality
Its fast
Its rich
Link, node, SRLG protection
Deployment friendly
No protocol change, local to one router, incremental deployment
Good scaling
Remote LFA to the rescue for difficult topologies
For example: ring topologies
Topology dependant
Might not be providing 100% coverage
BRKRST-3020
Cisco Public
129
Complete Your Online Session Evaluation

Complete your session evaluation
online now through either the mobile
app or internet kiosk stations.
Maximize your Cisco Live experience with your
free Cisco Live 365 account. Download session
PDFs, view sessions on-demand and participate in
live activities throughout the year. Click the Enter
Cisco Live 365 button in your Cisco Live portal to
log in.
Note: This slide is now a Layout choice

BRKRST-3020
Cisco Public
130
Availability IPv4
OSPFv2 Per
Link LFA
7600
(IOS)
ASR1K
(IOSXE)
ASR901
ASR903 ISR4451--X ME3600
(IOS-XE)
ME3800 CSR1000v
ISIS Per Link

LFA
ASR9K
(IOSXR)
CRS1
(IOSXR)
12K
(IOS-XR)
4.0.1
3.9.0
4.0.1
4.0.1
3.5.0
4.0.1
OSPFv2 LFA
15.1(3)S
(per prefix)
3.4.0S
3.6.0S
3.8.0S
4.2.0
4.2.0
4.2.0
ISIS LFA (per

15.1(2)S
prefix)
3.4.0S
3.6.0S
3.8.0S
4.0.1
4.0.1
4.0.1
5.1.0
4.3.1?
5.1.0
4.3.1?
EIGRP LFA
(per prefix)
15.2(4)S
OSPFv2
Remote LFA
15.2(2)S
15.2(2)SNI
15.3(2)S
15.3(2)S
ISIS Remote
LFA
15.2(2)S
15.2(2)SNI
15.3(2)S
15.3(2)S
ISIS LFA (per

prefix) VPLS 15.1(2)S1
Core
BRKRST-3020
3.9.0aS
Cisco Public
132
Availability IPv6
7600 (IOS) ASR1K (IOS-XE) ASR9K (IOS-XR)
Per Link LFA
CRS1 (IOS-XR)
4.3.1
4.3.1
OSPFv3 LFA (per prefix)
4.3.1
4.3.1
ISIS LFA (per prefix)
4.3.1
4.3.1
EIGRP LFA (per prefix)

OSPFv3 Remote LFA
ISIS Remote LFA
BRKRST-3020
Cisco Public
133

Cisco Live IP LFA Architecture and Troubleshooting

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cisco Live IP LFA Architecture and Troubleshooting

Hochgeladen von

Copyright:

Verfügbare Formate

IP LFA (Loop-Free-Alternative): Architecture

Configuration, implementation and troubleshooting (OSPF, ISIS, EIGRP) in

2014 Cisco and/or its affiliates. All rights reserved.

One implementation is LFA

2014 Cisco and/or its affiliates. All rights reserved.

The goal was to provide 50 ms restoration (actual speed depends on platform)

One single link failure

Simpler than MPLS TE FRR to configure and operate

2014 Cisco and/or its affiliates. All rights reserved.

Convergence, Protection, Restoration

Pre-computed backup path

2014 Cisco and/or its affiliates. All rights reserved.

LFA and MPLS TE Comparison

Constraints based with bandwidth

Control Plane Requirements

Effective with mesh

No dependency. Always works.

Load distribution over multiple repair paths

2014 Cisco and/or its affiliates. All rights reserved.

Reducing Loss Of Connectivity (LoC)

Data Plane Convergence (FRR)

2014 Cisco and/or its affiliates. All rights reserved.

Principal Idea Behind LFA

R1 has best path : R1-R2

2014 Cisco and/or its affiliates. All rights reserved.

Building Blocks of LFA

Building Block of LFA

Pre-compute repair path

Put repair path in data plane (CEF)

Fast Link down detection best to

Normal convergence occurs after the

2014 Cisco and/or its affiliates. All rights reserved.

Principal Mechanism of LFA

2014 Cisco and/or its affiliates. All rights reserved.

Principal Mechanism of LFA

reverse SPF = rSPF

2014 Cisco and/or its affiliates. All rights reserved.

General Theory Definitions

Source (local) router

The router where all calculations are done

The router where the prefixes are connected

The neighbor router which is the alternate next

Another neighboring router

The primary next hop router

The lowest cost from A to B

2014 Cisco and/or its affiliates. All rights reserved.

General Theory - Rules

Inequality 1: D(N,D) < D(N,S) + D(S,D)

Neighbor router is closer to the destination than local router.

N is the protecting next

Inequality 3: D(N,D) < D(N,E) + D(E,D)

2014 Cisco and/or its affiliates. All rights reserved.

General Theory - Rules

2014 Cisco and/or its affiliates. All rights reserved.

D(N,D) < D(N,S) + D(S,D)

D(N,D) < D(S,D)

D(N,D) < D(N,E) + D(E,D)

D(N,D) < D(N,S) + D(S,D)

D(N,D) < D(S,D)

D(N,D) < D(N,E) + D(E,D)

2014 Cisco and/or its affiliates. All rights reserved.

D(N,D) < D(N,S) + D(S,D)

D(N,D) < D(S,D)

D(N,D) < D(N,E) + D(E,D)