FRRLink Protection

With link protection, one particular link used for TE is protected. This means that all TE tunnels that are crossing this link are protected by one backup tunnel. This technique is also called facility backup because a complete link—with all its TE LSPs—is backed up. Figure 8-15 shows a simple network whereby the link R1-R2 is protected by a backup tunnel R1-R3-R2. This backup tunnel protects only the TE tunnels in the direction from R1 to R2. Therefore, to protect all tunnels crossing the link R1-R2 in both directions, you need another backup tunnel R2-R3-R1.

Figure 8-15 Link Protection

NHOP Backup Tunnel

NHOP Backup Tunnel

TE Tunnel 1

— — — — — — — — — — — — — — — — — — — — — »■ TE Tunnel 2

— — — — — — — — — — — — — — — — — — — — — »• TE Tunnel 3

— — — — — — — — — — — — — — — — — — — — — >• TE Tunnel 4

— — — — — — — — — — — — — — — — — — — — — »■

TE Tunnel 1

— — — — — — — — — — — — — — — — — — — — — »■ TE Tunnel 2

— — — — — — — — — — — — — — — — — — — — — »• TE Tunnel 3

— — — — — — — — — — — — — — — — — — — — — >• TE Tunnel 4

— — — — — — — — — — — — — — — — — — — — — »■

In the case of link protection, the backup tunnel is also called a next-hop (NHOP) bypass tunnel and always starts on the point of local repair (PLR). The PLR here is router R1. The backup tunnel for link protection always connects to the next-hop router; this means the router at the remote end of the link. This router is the merge point (MP), because this is the router where the protected tunnel and backup tunnel merge. The backup tunnel is an explicit path tunnel that RSVP signals. The backup tunnel in Figure 8-15 is only two hops, but it can be as many hops as you want. When the backup tunnel is created, RSVP signals the labels as usual. In Figure 8-16, R2 signals R3 to use label 3 (the implicit NULL label), and R3 signals R1 to use label 16 for the backup tunnel.

NHOP Backup Tunnel

NHOP Backup Tunnel

The TE tunnel 1 is crossing the link R1-R2. Look at Figure 8-17 to see the packet forwarding for tunnel 1, when the protection is not yet in use.

Figure 8-17 Packet Forwarding for Tunnel 1

NHOP Backup Tunnel

NHOP Backup Tunnel

Label 30

Label 33

Label 40

TE Tunnel 1

Label 30

Label 33

Label 40

IP Packet

IP Packet

IP Packet

TE Tunnel 1

The packets on the LSP of tunnel 1 are coming in on router R1 with a label of 30. This label is swapped with label 33 when the packet leaves router R1. Finally, label 33 is swapped with label 40, outgoing from router R2. Look at Figure 8-18 to see what happens concerning the packet forwarding when the link R1-R2 fails. As soon as the link R1-R2 fails, the PLR (here R1) starts to send the traffic on TE tunnel 1 onto the NHOP backup tunnel across R3.

Figure 8-18 Packet Forwarding for Tunnel 1 with FRR Active

NHOP Backup Tunnel

Figure 8-18 Packet Forwarding for Tunnel 1 with FRR Active

NHOP Backup Tunnel

Label 40

Label 40

IP Packet

TE Tunnel 1

— — — — — — — — — — — — — — — — — — — — — »The incoming packets on R1 are label swapped as before: Label 30 is swapped with label 33. Then the additional label for the NHOP tunnel, label 16, is pushed onto the packet. The packet is label-switched on the NHOP backup tunnel until it reaches router R2 (the MP), the tail end router of the protected link. Notice that the packet arrives at R2 with label 33. When the link R1-R2 was not failing, the packet arrived at router R2 with the same label. The only difference is that now the packet arrives at R2 via another interface. Because the platform-wide label space is used, this does not cause a problem. As long as the interface uses the platform-wide label space (and not an LC-ATM interface, for example), the router does not check on which MPLS-enabled interface a labeled packet arrives.

Label 30

IP Packet

The PLR should use this backup tunnel to carry TE LSPs only briefly. The protection is temporary, because the link failure triggers the PLR to send a PathErr to the head end router of the TE tunnel. When the head end router of the protected TE tunnel receives the PathErr, it recalculates a new path for the tunnel LSP and signals it. When the head end router completes the signaling, the whole LSP is rerouted through the network. The protected TE LSP no longer uses the backup tunnel.

NOTE Normally, the receipt of a PathErr by the head end router makes the tunnel go down until the TE LSP is rerouted. This does not happen in the case of FRR, though. The PathErr that the PLR sends indicates that Local Repair is active. This status signals the head end router that it should not take the tunnel down while trying to find another path for the TE LSP. If the tunnel goes down, traffic is lost, which defeats the purpose of FRR.

The IGP also signals the link failure. When the PLR uses the backup tunnel to route a protected LSP, the PLR sends the PATH messages of the protected tunnel onto the backup tunnel as long as the backup tunnel is in use.

A disadvantage of using link protection is that the NHOP tunnel protects a complete link. At any time, any number of TE LSPs with a certain amount of bandwidth might be crossing the protected link. Therefore, the total protected bandwidth can vary quite a lot in time. Furthermore, the backup tunnel does not reserve bandwidth. Therefore, when protected tunnels use the backup tunnel, it is possible that not enough bandwidth is available to switch all traffic. Traffic might be dropped as a result. However, the protected tunnels should use the backup tunnel temporarily only, because the head end routers of the respective protected TE tunnels should reroute the TE LSPs while reserving enough bandwidth.

This reroute of the protected TE LSP is not possible if the head end router cannot find another feasible path. An example of such a case is a TE tunnel that has only one explicit path option and no dynamic one. If the protected link goes down, the backup link is used as long as the protected link is down, because the head end router cannot calculate another path through the network. The TE tunnel is stuck with its explicit path. To solve this, you can configure a dynamic path option with a higher number than the explicit path option. In that case, when the protected link goes down, the tunnel can use the backup tunnel until the head end router uses the dynamic path option and reroutes the tunnel via an alternative path.

The backup tunnel is preconfigured on the PLR router. You can specify the backup tunnel with the interface command mpls traffic-eng backup-path on the protected link. You configure the backup tunnel with an explicit path from the PLR to the next-hop router. On the head end router of the protected TE tunnel, you specify that the tunnel can use a backup tunnel (be fast rerouted) with the command tunnel mpls traffic-eng fast-reroute. This command sets the flag in the Session attribute object to 1, indicating that the tunnel wants local protection.

Look at Figure 8-7 again. Tunnel 1 on router paris to router rome is dynamically set up, and FRR is enabled on the tunnel interface. Router brussels has a backup tunnel 1000 protecting the link brussels-berlin. You configure this with the mpls traffic-eng backup-path command on the interface pos 10/3. This backup tunnel has an explicit path option routing the tunnel on the path brussels-frankfurt-berlin, thus avoiding the link brussels-berlin. Example 8-18 shows the configuration for setting up FRR link protection in this scenario. Notice that the PLR holds a FRR database. It shows, among other things, the incoming label and the outgoing label when the backup tunnel is used. When the state of the backup tunnel is ready, the tunnel is signaled but is not used for FRR at this moment. When the state is active, the backup tunnel is used to reroute a number of TE tunnel LSPs. The third possibility is the state partial, meaning that the backup tunnel is not signaled yet.

Example 8-18 Backup Tunnel Configuration for Link Protection brussels# !

interface Tunnel1000 ip unnumbered Loopback0 tunnel destination 10.200.254.5 tunnel mode mpls traffic-eng tunnel mpls traffic-eng path-option 1 explicit name link-bru-ber

interface POS10/3 ip address 10.200.211.1 255.255.255.0 mpls traffic-eng tunnels mpls traffic-eng backup-path Tunnel1000 ip rsvp bandwidth 155000

ip explicit-path name link-bru-ber enable next-address 10.200.212.2 next-address 10.200.213.2

interface Tunnel1 ip unnumbered Loopback0 tunnel destination 10.200.254.6 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng bandwidth 155000 tunnel mpls traffic-eng path-option 10 dynamic tunnel mpls traffic-eng fast-reroute brussels#show mpls traffic-eng fast-reroute database detail LFIB FRR Database Summary: Total Clusters: 1

Total Groups: 1

Total Items: 1

LSP identifier 10.200.254.2 1 [1113], ready

Input label 26, Output label PO10/3:17, FRR label Tu1000:17

Regular traffic should not use the backup tunnel. Therefore, the backup tunnel should not have autoroute announce or forwarding adjacency configured. See the later section titled "Forwarding Traffic onto MPLS TE Tunnels" to read up on how to forward traffic onto TE tunnels. Furthermore, make sure that the protected link and the links that the backup tunnel uses are not sharing the same infrastructure. Refer to the section titled "SRLG Used by Backup Tunnels" for more on this.

You can configure the backup tunnel as an explicit path. However, you can also configure it as an exclude path. This is an explicit path, but you only need to exclude a hop (an LSR). With backup tunnels, obviously, you must exclude the protected link from the path. Refer to the earlier section titled "IP Explicit Address Exclusion" for more information on excluding an IP address from an explicit path.

Micro Expression Master

Micro Expression Master

If You Could Read Everyone Life A Book You Can Have Better Career, Great Relationships And Become Successful. This Book Is One Of The Most Valuable Resources In The World When It Comes To Reading the smallest and tiniest body Language and know what people are thinking about.

Get My Free Ebook


Post a comment