This document introduces TI-LFA (Topology independent Loop-free alternate) feature in segment routing environment. It has two purposes. One is to form an introduction to TI-LFA for those who are interested in using, evaluating, and possibly implementing it. The other one is to discuss how TI-LFA mitigates the challenges faced by direct LFA/RLFA (Loop-free alternative/Remote Loop-free alternate).
Before the advent of TI-LFA, pre-dominantly service providers deploy LFA or RLFA to achieve sub-second convergence. We are facing certain challenges in today’s LFA deployment for some specific customer topologies. The challenges are,
Sub-optimal backup path.
Failure of 100% coverage by RLFA in double-segment failure scenario.
TI-LFA addresses the challenges that are faced by direct LFA or RLFA feature. The above mentioned 2 challenges will be addressed by deploying TI-LFA across the topology.
Optimal Repair path:TI-LFA installs the post-convergence path as backup repair path. TI-LFA follows an algorithm which inserts the PQ node before the destination node in its stack. By this way we can avoid sub-optimal backup path and have the post-convergence route installed in the FIB as backup repair path.
Double segment failure protection:During double segment failure protection, the destination prefix is not covered by even RLFA feature. This is due to the absence of PQ node. TI-LFA efficiently resolves this condition and provides protection for the destination.
Apart from mitigating the above mentioned challenges, TI-LFA also serves the below protection services.
Node Protection:User has the option to enable Node protection through TI-LFA. If enabled, the post convergence backup repair path will not consider the next-hop neighbor while calculating the backup repair path.
SRLG Protection:Shared Risk Link Groups (SRLG) refer to situations in which links in a network share a common fiber (or a common physical attribute). These links have a shared risk: when one link fails, other links in the group might also fail. The TI-LFA SRLG protection functionality attempts to find the post-convergence backup path, which excludes the SRLG of the protected link. All local links that share any SRLG with the protecting link are excluded.
Let us discuss in detail how TI-LFA resolves the above mentioned challenges.
TI-LFA: Optimal repair path
In the below figure, we have edge routers located at different geographical locations for providing Internet service or L3VPN or L2VPN services. Let us consider router R1 located at London as source and R3 located at Paris as destination.
To avoid using the R5 node located at New York as transit node in case of primary link failure, we have manipulated the metric. This metric manipulation has implication on choosing the backup FRR optimal path.
Failure scenario:During Primary path failure scenario between R1 and R4, R1 has to choose R5 which meets the LFA conditions however, this is sub-optimal path and not the post-convergence path. Whereas the post convergence path is through R2.
During the link failure between R1 and R4 (as mentioned in figure 2. Below), If R1 chose R2 as backup FRR path, it will send the packet back to R1, R1 will send again and this will create loop till it completes convergence. In other words, till R2 knows about the failure and completes the convergence. So in the below scenario R2 does not meet the direct LFA conditions.
How TI-LFA Fix this:
TI-LFA calculates the post-convergence path as backup FRR path. For example in the above scenario, R1 is the point of local repair(PLR). If TI-LFA enabled, TI-LFA has its own algorithm to calculate the backup repair path.
R2 will just execute the instruction of R1 simply.
The label stacking will be added in the backup FRR path in such a manner that point of local repair(R1) will stack the PQ node’s label(R3) as top label and then destination Prefix-label (R4’s prefix Label). The Label stack will look like [16003 , 16004].
A simple CLI to enable TI-LFA under IGP interface configuration mode as shown below.
router isis Cisco
address-family ipv4 unicast
fast-reroute per-prefix ti-lfa
Below verification command shows the TI-LFA backup path for 188.8.131.52/32 from R1.
RP/0/0/CPU0:R1#show isis fast-reroute 184.108.40.206/32
Thu Jan 19 16:36:29.856 UTC
L2 220.127.116.11/32 [10/115]
via 10.1.14.2, GigabitEthernet0/0/0/1, iosxrv-4, SRGB Base: 16000, Weight: 0
TI-LFA backup via iosxrv-3(PQ) [18.104.22.168]
via 10.1.12.2, GigabitEthernet0/0/0/0 iosxrv-2, SRGB Base: 16000
Label stack [16003, 16004]
What is PQ Node?
RLFA and TI-LFA will use the terminology such as P space, Q space or PQ node while formulating its own algorithm for LFA repair path.
P SPACE -This defined the set of other routers R1 can reach without traversing over failed link. This requires shortest path tree algorithm (SPT) to be run with root at R1. For example in above topology, P space of R1 would be R2 and R3.
Q SPACE-This defines the set of routers that can reach R4 without traversing the failed link. This requires an SPT to be run rooted at R4. So Q space of R4 would be R3.
Extended P-Space: The extended P-space of the protecting router with respect to the protected link is the union of the P-spaces of the neighbors in that set of neighbors with respect to the protected link.
PQ NODE: The router that is in both Extended P-Space and Q-Space is PQ node.
Double segment failure protection
RLFA fails to cover 100% in some scenario like the one shown in below figure. When the direct LFA conditions doesn’t meet for some scenario, RLFA will offer the LFA repair path by forming targeted LDP from PLR. As per the RLFA algorithm, PLR will form a targeted LDP session with PQ node.
What if a situation wherein there is no PQ node as shown below. In the below scenario, there is no node sharing the common P space and Q Space. There is no 100% coverage by RLFA in this scenario.
How to fix it:We need a feature that has to send the packet to Q-SPACE during the failure scenario. TI-LFA is the feature that covers this situation.
How TI-LFA resolves:As per TI-LFA algorithm it will stack the label which redirects the traffic from P space to Q Space. PLR will stack the prefix-SID of edge node of P space, in our case its R4. Then it will stack adj-SID label between edge router of P and Q space. In our case, it is between R4 and R3. And the last label in stack is the destination prefix.
The label stack at PLR(Point of local repair) looks like[16004 24043 16003]
RP/0/0/CPU0:R1# sh isis fast-reroute 22.214.171.124/32
Fri Jan 20 03:30:25.962 UTC
L2 126.96.36.199/32 [10/115]
via 10.1.12.2, GigabitEthernet0/0/0/0, iosxrv-2, SRGB Base: 16000, Weight: 0
TI-LFA backup via iosxrv-4 (P) [188.8.131.52]
via 10.1.16.2, GigabitEthernet0/0/0/1 iosxrv-6, SRGB Base: 16000
Label stack [16004, 24043, 16003]
After the packet reaches16004(R4), how it will reach R2. What is 24043?
24043 is adj-SID(Protected) between the link R4 and R3
Hi everyone.Already i'm working whit a A99-12X100GE line card, During boot up into ROMmon, serial console show as follow Somebody may help me to know why board restar twice?Thanks in advance Booting Management Processor skyhammer_init(...
Cannot create Golden ISO for ASR9k XR I am trying to create golden ISO image for ASR9k but I am failing every time.The working directory:test@ubuntuserverbl:~/gisobuild$test@ubuntuserverbl:~/gisobuild$ pwd/home/test/gisobuildtest@ubuntuserverbl:~/gis...
Where can I find technical data, ie maximum IPv4 & IPv6 routes, MPLS labels, etc. This doesn't give me much https://www.cisco.com/c/en/us/products/collateral/routers/network-convergence-system-500-series-routers/datasheet-c78-740296.h...
Hello Guys,I have ASR9K RSP440SE with MOD400 and MPA-20X10GE,problem is , when i apply policy-rate limit on MPA20x10GE, i have too much packet loss and tcp sessions(downloads) disconnects in 10 seconds..but when i apply same policy-map on A9K-36X10GE-TR e...
Hi. This is my first post in this community and I am a newbie on Cisco products.Recently I have bought three ASR-9010 to build my core network and because my plans include NAT64 and NAT things I decided to buy two A9K-ISM-100 cards and looking for th...