MPLS TE Fast Reroute Path Node Protection

Lesson Contents

MPLS TE Fast Reroute (FRR) protects MPLS TE LSPs from link and node failures. We can do this with backup tunnels that repair the LSP of a primary (protected) tunnel. When the primary LSP is broken, we can continue to forward traffic down the backup tunnel until the headend router figures out a new best path. This takes less than ~50 ms. There are two protection types:

Link protection
Node protection

In the previous lesson, we covered link protection. In this lesson, we’ll look at node protection. The configuration is very similar, but some things are different behind the scenes.

Configuration

Here is the topology we’ll use:

All PE and P routers run MPLS TE. We have a TE tunnel from router PE1 to PE2. Traffic for this tunnel goes through P2. We want to create a backup tunnel to work around a node failure (P2). Here’s what it looks like:

When P2 goes down, we want to send traffic down a backup tunnel that we configure on P1 and terminates on P4. This makes P1 the Point of Local Repair (PLR) and P4 the Merge Point (MP). We call this kind of backup tunnel a Next Next Hop (NNHOP) tunnel. From P1’s perspective, P4 is the next hop behind our next hop (P2).

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0001.0001.0001.0001.00
 is-type level-2-only
 metric-style wide
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.78.8 255.255.255.0
 ip router isis 
!
router isis
 net 49.0001.0008.0008.0008.0008.00
 is-type level-2-only
 metric-style wide
!
end

hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.35.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0003.0003.0003.0003.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.46.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0004.0004.0004.0004.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

hostname P3
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.35.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.56.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0005.0005.0005.0005.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

hostname P4
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.67.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.46.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.56.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0006.0006.0006.0006.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE1

hostname PE1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 7.7.7.7
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 explicit name EXCLUDE_P3
 no routing dynamic
!
interface GigabitEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0002.0002.0002.0002.00
 is-type level-2-only
 metric-style wide
!
ip explicit-path name EXCLUDE_P3 enable
 exclude-address 5.5.5.5
!
mpls ldp router-id Loopback0 force
!
end

PE2

hostname PE2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.78.7 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.67.7 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0007.0007.0007.0007.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

I use IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M4 on all routers. I have an explicit path on PE1 for the primary tunnel:

PE1#show ip explicit-paths 
PATH EXCLUDE_P3 (strict source route, path complete, generation 6)
    1: exclude-address 5.5.5.5

This explicit path forces the traffic through P2. When P2 is unavailable, the tunnel will go down. This is important for this lab because, otherwise, once fast reroute is enabled, you’ll see that PE1 will use the backup tunnel only for a few seconds before switching over to a new path because of recalculation.

Without Fast Reroute

Before we enable fast reroute, I’d like to show you a packet capture of the RSVP PATH message. To capture this, we’ll restart the tunnel interface on PE1:

PE1(config)#interface Tunnel 1
PE1(config-if)#shutdown
PE1(config-if)#no shutdown

In the RSVP PATH message, you’ll see this under the session attribute:

MPLS TE FRR RSVP no protection desired

Above, you can see that PE1 doesn’t require node protection.

With Fast Reroute

Let’s configure MPLS TE fast reroute node protection for this network.

PE1

We’ll start with PE1. We need to add one command to the tunnel interface:

PE1(config)#interface Tunnel 1
PE1(config-if)#tunnel mpls traffic-eng fast-reroute node-protect

The only difference with link protection is that we add the node-protect keyword. Let’s take another look at the RSVP PATH message:

MPLS TE FRR RSVP Node Protection Desired

You can now see that PE1 desires node protection for its tunnel. When you enable node protection, you also have link protection.

P1

Let’s configure P1. Our backup tunnel should never use P2. This means the backup tunnel should go from P1 to P3 and terminate at P4. To accomplish this, I’ll configure an explicit path that excludes P2:

P1(config)#ip explicit-path name EXCLUDE_P2
P1(cfg-ip-expl-path)# exclude-address 4.4.4.4

Now we can configure a backup tunnel interface:

Forum Replies

doug_slone says:

Hi Rene, thanks for sharing these examples for for FRR (link/node protection). I found them very useful! In both examples I see that you are manually creating the backup tunnels. That would be an enormous task in a large Service Provider Network which may have many alternative paths. it is quite common to have the backup tunnels created automatically. Its probably worth mentioning, or showing an example of how to create them automatically in IOS.
lagapidis says:

Hello Douglas

Thanks for your useful suggestion! I will pass it on to Rene.

Thanks again!

Laz

Ask a question or join the discussion by visiting our Community Forum

Configuration

Without Fast Reroute

With Fast Reroute

PE1

P1

We're Sorry, Full Content Access is for Members Only...

Forum Replies