Pages

Sunday, June 14, 2020

Segment Routing - Ti-LFA - Node Protection

In the previous post we have seen how does "Segment Routing - Ti-LFA - Adjacency Sid Protection - Link Protection" works when Segment Routing is enabled. The main advantage of using Ti-LFA link protection is that primary link is excluded during post convergence backup path calculations. Ti-LFA Link protection provides 50ms resilience during the time of failure of link. There might be possibility of link failure due to node failure but XR-11 will never come to know till IGP convergence is completed.

Now node xr-11 can calculate the backup path by using TI-LFA node protection which provides protection from neighbor node failures. The neighbor node (XR-1) is excluded during the post convergence backup path calculation.



As per previous post, Ti-LFA node protection is already configured and now we will be configuring Ti-LFA node protection. 
       
router isis 1
  !
 interface GigabitEthernet0/0/0/0
  point-to-point
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa
   fast-reroute per-prefix tiebreaker node-protecting index 100 -> Ti-LFA Node Protection With Priority 100
   metric 500
  !
!
 interface GigabitEthernet0/0/0/1
  point-to-point
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa
   fast-reroute per-prefix tiebreaker node-protecting index 100 -> Ti-LFA Node Protection With Priority 100
   metric 500
  !


Point To Remember
Both link-protecting and node-protecting TI-LFA backup paths will be computed. If the priority(index) associated with the node-protecting tiebreaker is higher than any other tiebreakers, then node-protecting post-convergence backup paths will be selected, if it is available.


Verify below configuration which shows that node protection post-convergence backup is selected. Now instead XR-1, XR-6 is selected. For more details on PQ Node, refer to post "Segment Routing - Topology Independent LFA" 
       
RP/0/0/CPU0:xrvr-11#show isis fast-reroute 1.1.1.12/32 detail
L2 1.1.1.12/32 [1020/115] medium priority
     via 99.1.11.1, GigabitEthernet0/0/0/0, xrvr-1, SRGB Base: 16000, Weight: 0
         Backup path: TI-LFA (node), via 99.5.11.5, GigabitEthernet0/0/0/1 xrvr-5, SRGB Base: 16000, Weight: 0
           P node: xrvr-5.00 [1.1.1.5], Label: ImpNull
           Q node: xrvr-6.00 [1.1.1.6], Label: 24001
           Prefix label: 16012
       P: No, TM: 1050, LC: No, NP: Yes, D: Yes, SRLG: No
     src xrvr-12.00-00, 1.1.1.12, prefix-SID index 12, R:0 N:1 P:0 E:0 V:0 L:0
RP/0/0/CPU0:xrvr-11#


Check the routing table to verify that backpath is installed or not: 
       
RP/0/0/CPU0:xrvr-11#show route 1.1.1.12/32 detail
Routing entry for 1.1.1.12/32
  Known via "isis 1", distance 115, metric 1020, labeled SR, type level-2
  Installed May 30 17:49:13.744 for 00:04:26
  Routing Descriptor Blocks
    99.1.11.1, from 1.1.1.12, via GigabitEthernet0/0/0/0, Protected
      Route metric is 1020
      Label: 0x3e8c (16012)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:1       Path ref count:0
      NHID:0x6(Ref:24)
      Backup path id:65
    99.5.11.5, from 1.1.1.12, via GigabitEthernet0/0/0/1, Backup (TI-LFA)
      Repair Node(s): 1.1.1.5, 1.1.1.6
      Route metric is 1050
      Labels: 0x100004 0x5dc1 0x3e8c (1048580 24001 16012)  -> 1048580 label is used for impicit null
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:65              Path ref count:1
      NHID:0x5(Ref:24)
  Route version is 0x3d (61)
  Local Label: 0x3e8c (16012)
  IP Precedence: Not Set
  QoS Group ID: Not Set
  Flow-tag: Not Set
  Fwd-class: Not Set
  Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
  Download Priority 1, Download Version 838
  No advertising protos.
RP/0/0/CPU0:xrvr-11#


Veriy CEF table and match the labels imposed with the above mentioned labels. 
       
RP/0/0/CPU0:xrvr-11#show cef 1.1.1.12/32
Sat May 30 17:54:39.252 UTC
1.1.1.12/32, version 838, labeled SR, internal 0x1000001 0x81 (ptr 0xa12fcb8c) [2], 0x0 (0xa12e1cd4), 0xa28 (0xa18b61dc)
 Updated May 30 17:49:13.764
 local adjacency 99.1.11.1
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
 Extensions: context-label:16012
   via 99.1.11.1/32, GigabitEthernet0/0/0/0, 11 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 0 bkup-idx 1 NHID 0x0 [0xa18d05d0 0xa18d00e4]
    next hop 99.1.11.1/32
     local label 16012      labels imposed {16012}
   via 99.5.11.5/32, GigabitEthernet0/0/0/1, 11 dependencies, weight 0, class 0, backup (TI-LFA) [flags 0xb00]
    path-idx 1 NHID 0x0 [0xa15fd560 0xa15fd4a8]
    next hop 99.5.11.5/32, Repair Node(s): 1.1.1.5, 1.1.1.6        -> Verify Repair Nodes. Node 1 is not coming in the path
    local adjacency
     local label 16012      labels imposed {ImplNull 24001 16012}
RP/0/0/CPU0:xrvr-11#
With maximum of 3 transport labels, we can reach to the destination. Here is the beginning of my post. And here is the rest of it.
at No comments:

Saturday, June 6, 2020

Segment Routing - Ti-LFA - Adjacency Sid Protection

Brief overview was shared in earlier post of "Segment Routing - Topology Independent LFA". In this post, I am showing some simulated results of per prefix Ti-LFA where in case of primary link failure, SR-MPLS with Ti-LFA enabled seamlessly re-route the destined traffic by excluding the direct link. If direct adjacent node need to be exclude from Ti-LFA calculation, it is called Ti-LFA node protection.

Below is SR-MPLS enabled topology used for simulation. XR-11 is sending traffic to loopback 1.1.1.12 (XR-12). There is no Ti-LFA configured on XR-11.



Verify that Ti-LFA is not configured 
       
RP/0/0/CPU0:xrvr-11#show isis fast-reroute 1.1.1.12/32 detail
L2 1.1.1.12/32 [1020/115] medium priority
     via 99.1.11.1, GigabitEthernet0/0/0/0, xrvr-1, SRGB Base: 16000, Weight: 0
       No FRR backup        (Check here)
     src xrvr-12.00-00, 1.1.1.12, prefix-SID index 12, R:0 N:1 P:0 E:0 V:0 L:0
RP/0/0/CPU0:xrvr-11#


ISIS adjacency is configured for IPv4 and IPv6 address family. 
       
RP/0/0/CPU0:xrvr-11#show isis adjacency systemid xrvr-1  detail
IS-IS 1 Level-2 adjacencies:
System Id      Interface        SNPA           State Hold Changed  NSF IPv4 IPv6
                                                                       BFD  BFD
xrvr-1         Gi0/0/0/0        *PtoP*         Up    21   00:08:59 Yes None None
  Area Address:           49.0001
  Neighbor IPv4 Address:  99.1.11.1*
  Adjacency SID:          24000           -> Adjacency SID for IPv4 address family. This is not protected, so no backup interface
  Non-FRR Adjacency SID:  24001
  Neighbor IPv6 Address:  fe80::f816:3eff:fe8b:9b27*
  Adjacency SID:          24002    -> Adjacency SID for IPv6 address family. This is not protected, so no backup interface
  Non-FRR Adjacency SID:  24003
  Topology:               IPv4 Unicast
  Topology:               IPv6 Unicast
RP/0/0/CPU0:xrvr-11#


Verify MPLS forwarding. Most of the output is deleted for brevity 
       
RP/0/0/CPU0:xrvr-11#show mpls forwarding
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16001  Pop         SR Pfx (idx 1)     Gi0/0/0/0    99.1.11.1       0
16002  16002       SR Pfx (idx 2)     Gi0/0/0/0    99.1.11.1       0
16003  16003       SR Pfx (idx 3)     Gi0/0/0/0    99.1.11.1       0
16004  16004       SR Pfx (idx 4)     Gi0/0/0/0    99.1.11.1       2553
16005  Pop         SR Pfx (idx 5)     Gi0/0/0/1    99.5.11.5       0
16006  16006       SR Pfx (idx 6)     Gi0/0/0/0    99.1.11.1       0
16007  16007       SR Pfx (idx 7)     Gi0/0/0/0    99.1.11.1       0
16012  16012       SR Pfx (idx 12)    Gi0/0/0/0    99.1.11.1       18048
16013  16013       SR Pfx (idx 13)    Gi0/0/0/0    99.1.11.1       0
24000  Pop         SR Adj (idx 1)     Gi0/0/0/0    99.1.11.1       0
24001  Pop         SR Adj (idx 3)     Gi0/0/0/0    99.1.11.1       0
24002  Pop         SR Adj (idx 1)     Gi0/0/0/0    fe80::f816:3eff:fe8b:9b27   \
                                                                   0
24003  Pop         SR Adj (idx 3)     Gi0/0/0/0    fe80::f816:3eff:fe8b:9b27   \
                                                                   0
RP/0/0/CPU0:xrvr-11#


Verify end to end path for XR-12 
       
RP/0/0/CPU0:xrvr-11#traceroute 1.1.1.12
Tracing the route to 1.1.1.12
 1  99.1.11.1 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 2  99.1.2.2 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 3  99.2.3.3 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 4  99.3.12.12 9 msec  9 msec  9 msec


Configure Ti-LFA for IPv4 address family only on XR-11: 
       
router isis 1
  !
 interface GigabitEthernet0/0/0/0
  point-to-point
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa
   metric 500
  !
!
 interface GigabitEthernet0/0/0/1
  point-to-point
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa
   metric 500
  !


Once configured Ti-LFA, XR-11 will consider path via XR-5 in case failure between XR-11 and XR-1 as shown in the below topology.


Verify ISIS adjacency towards XR-1 
       
RP/0/0/CPU0:xrvr-11#show isis adjacency systemid xrvr-1  detail
IS-IS 1 Level-2 adjacencies:
System Id      Interface        SNPA           State Hold Changed  NSF IPv4 IPv6
                                                                       BFD  BFD
xrvr-1         Gi0/0/0/0        *PtoP*         Up    26   00:16:29 Yes None None
  Area Address:           49.0001
  Neighbor IPv4 Address:  99.1.11.1*
  Adjacency SID:          24000 (protected)      -> Adjacency SID is protected
   Backup label stack:    [16001]   -> Adjacency SID 24000 is protected with 16001 backup
   Backup stack size:     1
   Backup interface:      Gi0/0/0/1              -> Now backup interface is showing
   Backup nexthop:        99.5.11.5   -> Next hop address is XR-5
   Backup node address:   1.1.1.1          -> Backup node is XR-1
  Non-FRR Adjacency SID:  24001         
  Neighbor IPv6 Address:  fe80::f816:3eff:fe8b:9b27*
  Adjacency SID:          24002                  -> We have configured Ti-LFA for IPv4. Still IPv6 traffic is not protected
  Non-FRR Adjacency SID:  24003
  Topology:               IPv4 Unicast
  Topology:               IPv6 Unicast
RP/0/0/CPU0:xrvr-11#


Verify Ti-LFA for XR-12 (show the below config - prefix-SID index 12) 
       
RP/0/0/CPU0:xrvr-11#show isis fast-reroute 1.1.1.12/32 detail
L2 1.1.1.12/32 [1020/115] medium priority
     via 99.1.11.1, GigabitEthernet0/0/0/0, xrvr-1, SRGB Base: 16000, Weight: 0
       FRR backup via 99.5.11.5, GigabitEthernet0/0/0/1, xrvr-5, SRGB Base: 16000, Weight: 0, Metric: 1030
       P: No, TM: 1030, LC: No, NP: No, D: Yes, SRLG: Yes
     src xrvr-12.00-00, 1.1.1.12, prefix-SID index 12, R:0 N:1 P:0 E:0 V:0 L:0
RP/0/0/CPU0:xrvr-11#


Below output is showing that Gi0/0/0/0 is protected with Gi0/0/0/1. In case of failure of Gi0/0/0/0 link, XR-11 will add 16001 as outgoing label which is prefix sid of XR-1. 
       
RP/0/0/CPU0:xrvr-11#show mpls forwarding labels 24000
Tue May 26 17:42:12.824 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  Pop         SR Adj (idx 1)     Gi0/0/0/0    99.1.11.1       0
       16001       SR Adj (idx 1)     Gi0/0/0/1    99.5.11.5       0            (!)
RP/0/0/CPU0:xrvr-11#


The above output can be cross verify by running below command. 
       
RP/0/0/CPU0:xrvr-11#show mpls forwarding labels 24000 detail
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  Pop         SR Adj (idx 1)     Gi0/0/0/0    99.1.11.1       0
     Path Flags: 0x400 [  BKUP-IDX:1 (0xa18d01fc) ]
     Version: 120, Priority: 1
     Label Stack (Top -> Bottom): { Imp-Null }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 1, Weight: 500
     MAC/Encaps: 14/14, MTU: 1500
     Packets Switched: 0

     16001          SR Adj (idx 1)     Gi0/0/0/1    99.5.11.5       0            (!)
     Path Flags: 0x100 [  BKUP, NoFwd ]
     Version: 120, Priority: 1
     Label Stack (Top -> Bottom): { 16001 }   -> Backup label
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 500
     MAC/Encaps: 14/18, MTU: 1500
     Packets Switched: 0
     (!): FRR pure backup
RP/0/0/CPU0:xrvr-11#


Now finally verify the forwarding plane: 
       
RP/0/0/CPU0:xrvr-11#show cef 1.1.1.12/32 detail
1.1.1.12/32, version 112, labeled SR, internal 0x1000001 0x81 (ptr 0xa12e5a7c) [2], 0x0 (0xa12ca878), 0xa28 (0xa18b607c)
 Updated May 26 15:27:01.779
 local adjacency 99.1.11.1
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
 Extensions: context-label:16012           -> Check the special label
  gateway array (0xa122fdb4) reference count 21, flags 0xa00068, source rib (7), 0 backups
                [8 type 5 flags 0x8401 (0xa15618c0) ext 0x0 (0x0)]
  LW-LDI[type=5, refc=3, ptr=0xa12ca878, sh-ldi=0xa15618c0]
  gateway array update type-time 1 May 26 15:27:01.779
    via 99.1.11.1/32, GigabitEthernet0/0/0/0, 9 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 0 bkup-idx 1 NHID 0x0 [0xa18d00e4 0x0]
    next hop 99.1.11.1/32
     local label 16012      labels imposed {16012}
   via 99.5.11.5/32, GigabitEthernet0/0/0/1, 9 dependencies, weight 0, class 0, backup (Local-LFA) [flags 0x300]
    path-idx 1 NHID 0x0 [0xa15fd4a8 0x0]
    next hop 99.5.11.5/32
    local adjacency
     local label 16012      labels imposed {16012}
    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/0    99.1.11.1
RP/0/0/CPU0:xrvr-11#


Now shutdown the link between XR-11 and XR-1 and check the backup path 
       
RP/0/0/CPU0:xrvr-11#traceroute 1.1.1.12
Tracing the route to 1.1.1.12
 1  99.5.11.5 [MPLS: Label 16012 Exp 0] 39 msec  9 msec  9 msec
 2  99.1.5.1 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 3  99.1.2.2 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 4  99.2.3.3 [MPLS: Label 16012 Exp 0] 9 msec  9 msec  9 msec
 5  99.3.12.12 9 msec  9 msec  9 msec
RP/0/0/CPU0:xrvr-11#
at No comments: