Lesson Contents
Fast Reroute (FRR) protects MPLS TE LSPs from link and node failures. We achieve this by locally repairing the LSP of a primary tunnel using backup tunnels. This allows traffic to continue while the headend router attempts to calculate a new best LSP. When the primary tunnel fails, the backup tunnel is used immediately. This takes less than ~50 ms. There are two protection types:
- Link protection
- Node protection
In this lesson, we’ll take a look at link protection.
Configuration
This is the topology we’ll use:
All the PE and P routers are running MPLS TE. We have a TE tunnel from PE1 to PE2. Check out the MPLS TE configuration lesson if you are unsure how to configure MPLS TE. Our goal is to protect the link between P1 and P2:
We achieve this by creating a backup tunnel between P1 and P2 that goes through P3. P1 is the router where we configure the backup tunnel. This makes P1 the Point of Local Repair (PLR). P2 is where we terminate the backup tunnel and where our traffic rejoins the LSP of the primary tunnel. This makes P2 the Merge Point (MP). Backup tunnels bypassing a single link are called next-hop (NHOP) backup tunnels. It’s called a NHOP backup tunnel because it terminates at the next hop (P2 is the next hop from P1’s perspective).
Configurations
Want to take a look for yourself? Here you will find the startup configuration of each device.
CE1
hostname CE1
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
isis circuit-type level-2-only
!
router isis
net 49.0001.0001.0001.0001.0001.00
is-type level-2-only
metric-style wide
!
endCE2
hostname CE2
!
ip cef
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.78.8 255.255.255.0
ip router isis
!
router isis
net 49.0001.0008.0008.0008.0008.00
is-type level-2-only
metric-style wide
!
endP1
hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.23.3 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
ip address 192.168.34.3 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
ip address 192.168.35.3 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0003.0003.0003.0003.00
is-type level-2-only
metric-style wide
!
mpls ldp router-id Loopback0 force
!
endP2
hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.34.4 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
ip address 192.168.46.4 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
ip address 192.168.45.4 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0004.0004.0004.0004.00
is-type level-2-only
metric-style wide
!
mpls ldp router-id Loopback0 force
!
endP3
hostname P3
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.35.5 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
ip address 192.168.56.5 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
ip address 192.168.45.5 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0005.0005.0005.0005.00
is-type level-2-only
metric-style wide
!
mpls ldp router-id Loopback0 force
!
endP4
hostname P4
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.67.6 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
ip address 192.168.46.6 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
ip address 192.168.56.6 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0006.0006.0006.0006.00
is-type level-2-only
metric-style wide
!
mpls ldp router-id Loopback0 force
!
endPE1
hostname PE1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface Tunnel1
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 7.7.7.7
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth 750
tunnel mpls traffic-eng path-option 1 explicit name EXCLUDE_P3
no routing dynamic
!
interface GigabitEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/1
ip address 192.168.23.2 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0002.0002.0002.0002.00
is-type level-2-only
metric-style wide
!
ip explicit-path name EXCLUDE_P3 enable
exclude-address 5.5.5.5
!
mpls ldp router-id Loopback0 force
!
endPE2
hostname PE2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
ip address 192.168.78.7 255.255.255.0
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/1
ip address 192.168.67.7 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
isis circuit-type level-2-only
ip rsvp bandwidth 1000000
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
net 49.0001.0007.0007.0007.0007.00
is-type level-2-only
metric-style wide
!
mpls ldp router-id Loopback0 force
!
end
I use IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M4 on all routers.
Before we start with the fast reroute configuration, I want to emphasize that I use an explicit path on PE1 for the primary tunnel:
PE1#show ip explicit-paths
PATH EXCLUDE_P3 (strict source route, path complete, generation 6)
1: exclude-address 5.5.5.5This explicit path forces the traffic through P2. When P2 is unavailable, the tunnel will go down. This is important for this lab because, otherwise, once fast reroute is enabled, you’ll see that PE1 will use the backup tunnel only for a few seconds before switching over to a new path because of recalculation.
Without Fast Reroute
Before we enable fast reroute, there’s something I’d like to show you in Wireshark. I’ll enable a packet capture on the link between PE1 and P1, and we’ll shut/no shut the tunnel interface on PE1:
PE1(config)#interface Tunnel 1
PE1(config-if)#shutdown
PE1(config-if)#no shutdownIn the RSVP PATH message, you’ll see this:
MPLS TE FRR RSVP no protection desired
Above, you can see that PE1 doesn’t require link protection (local protection) at this moment.
With Fast Reroute
It’s time to configure fast reroute link protection.
PE1
We’ll start with PE1. We need to add one command to the tunnel interface:
PE1(config)#interface Tunnel 1
PE1(config-if)#tunnel mpls traffic-eng fast-rerouteLet’s take another look at the RSVP PATH message:
MPLS TE FRR RSVP link protection desired
Above, you now see that PE1 requests link protection for this tunnel. You can also verify this with the following show command:
PE1#show ip rsvp sender detail | include Flags
Flags: (0x7) Local Prot desired, Label Recording, SE StyleThis completes the configuration of PE1.
P1
Let’s configure P1. Our backup tunnel should only bypass the link between P1 and P2. This means the backup tunnel should go from P1 to P3 and terminate at P2. Without an explicit path, P1 would take the direct path to P2. To accomplish this, I’ll configure an explicit path that includes the addresses of P3 and P2:
P1(config)#ip explicit-path name INCLUDE_P3_P2 enable
P1(cfg-ip-expl-path)# next-address 192.168.35.5
P1(cfg-ip-expl-path)# next-address loose 4.4.4.4Now we can configure a backup tunnel interface:
