OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR)

OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR) allows OSPF to quickly switch (within 50 ms) to a backup path when a primary path fails. Without LFA FRR, OSPF has to re-run SPF to find a new path when the primary path fails. With LFA FRR, OSPF pre-computes a backup path and installs the backup next hop in the forwarding table.

If you have seen my EIGRP LFA FRR lesson, you know that EIGRP uses its feasible successors as backup paths. OSPF doesn’t have the concept of feasible successors but it does have another trick up its sleeve. As a link-state routing protocol, all routers in the same area share the same LSDB. This allows OSPF to run SPF with any other router in the area as the root, finding usable backup paths.

IGPs have two methods to calculate LFAs:

  • Per-link: all prefixes that are reachable through a certain link all share the same next hop address. An IGP can calculate a backup next hop for all prefixes that use the same link. When the link fails, all prefixes will automatically be assigned to use the same backup next hop address. The advantage of per link LFA is that it requires fewer CPU cycles and memory than per-prefix LFA. The downside, however, is that once the primary link fails, you suddenly put a lot of burden on the backup link.
  • Per-prefix: the IGP calculates an LFA for each and every prefix. It requires more CPU cycles and memory but it does offer better load balancing. When a primary path fails, prefixes could use different backup paths, spreading the traffic throughout the network.

When OSPF has to select a backup path, it doesn’t just look for the “next best” lowest metric path but it uses a list of “tie breakers” to decide what path to use. This process is a bit similar to how BGP uses attributes. OSPF is able to use the following tie breakers:

  • SRLG (Shared Risk Link Groups): this is a group of interfaces that have a high likelihood of failing at the same time. For example, VLAN interfaces that use the same physical interface. When one logical interface goes down, it’s very likely that the other logical interfaces on the same physical interface go down too. In the EIGRP LFA FRR lesson, you can find a configuration example for SRLG.
  • Interface Protection: don’t select an LFA that uses the same outgoing interface as the primary path.
  • Broadcast Interface Protection: don’t select backup paths that use the same broadcast network as the primary path. With a broadcast network (most likely a switch), you can have different next hops but you still use the same link. When the switch fails, there is a risk that both the primary and backup path are both unreachable.
  • Node Protection: don’t select a backup path that uses the same next-hop router as your primary path. I will demonstrate this one in the configuration section where it’s explained in detail.
  • Downstream Path: this is very similar to the EIGRP feasible successor rule. A neighbor should have a smaller metric to the destination as the total metric of our primary path. This attribute is added since traffic sent over backup paths might loop for a short time until OSPF recalculates the primary path.
  • Line-Card Disjoint Interfaces: this is similar to SRLGs, don’t use backup paths that use the same line card as the primary path.
  • Metric: the best backup path might not be the one with the lowest metric next to the primary path, which is why we have all these tie breaker attributes. However, you can still use the lowest metric as one of the tie breakers.
  • Equal-Cost Multipath:
    • Primary: prefer a backup path that is part of ECMP (equal cost multipath).
    • Secondary: prefer a backup path is not part of ECMP. This can be useful if a single link in ECMP is unable to handle all traffic. Imagine you have 2x 100 Mbit interfaces carrying about 150 Mbit of traffic. When one of the links fails, a single link will be unable to transmit everything. In this case, it’s best not to use the remaining link of the ECMP as a backup path.

Configuration

Let’s take a look at OSPF LFA FRR in action. We have the following topology:

Ospf Lfa Frr First Topology

There are five routers in total. We focus on R1 that wants to reach 5.5.5.5/32 behind R5. There are three paths. The shortest path is through R2; R3 and R4 could be used as backup paths.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

R1

hostname R1
!
interface GigabitEthernet2
 ip address 192.168.12.1 255.255.255.0
 ip ospf cost 2
!
interface GigabitEthernet3
 ip address 192.168.13.1 255.255.255.0
 ip ospf cost 3
!
interface GigabitEthernet4
 ip address 192.168.14.1 255.255.255.0
 ip ospf cost 4
!
router ospf 1
 router-id 1.1.1.1
 fast-reroute per-prefix enable area 0 prefix-priority low
 fast-reroute keep-all-paths
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.13.0 0.0.0.255 area 0
 network 192.168.14.0 0.0.0.255 area 0
!
end

R2

hostname R2
!
interface GigabitEthernet2
 ip address 192.168.12.2 255.255.255.0
 ip ospf cost 2
!
interface GigabitEthernet3
 ip address 192.168.25.2 255.255.255.0
 ip ospf cost 2
!
router ospf 1
 router-id 2.2.2.2
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.25.0 0.0.0.255 area 0
!
end

R3

hostname R3
!
interface GigabitEthernet2
 ip address 192.168.13.3 255.255.255.0
 ip ospf cost 3
!
interface GigabitEthernet3
 ip address 192.168.35.3 255.255.255.0
 ip ospf cost 3
!
router ospf 1
 router-id 3.3.3.3
 network 192.168.13.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
!
end

R4

hostname R4
!
interface GigabitEthernet2
 ip address 192.168.14.4 255.255.255.0
 ip ospf cost 4
!
interface GigabitEthernet3
 ip address 192.168.45.43 255.255.255.0
 ip ospf cost 4
!
router ospf 1
 router-id 4.4.4.4
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
end

R5

hostname R5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip ospf cost 1
!
interface GigabitEthernet2
 ip address 192.168.25.5 255.255.255.0
 ip ospf cost 1
!
interface GigabitEthernet3
 ip address 192.168.35.5 255.255.255.0
 ip ospf cost 10
!
interface GigabitEthernet4
 ip address 192.168.45.5 255.255.255.0
 ip ospf cost 10
!
router ospf 1
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.25.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
end

Without LFA FRR

Let’s first take a look at R1 when we don’t use LFA FRR. Here’s the routing table:

R1#show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
  Known via "ospf 1", distance 110, metric 5, type intra area
  Last update from 192.168.12.2 on GigabitEthernet2, 00:00:40 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 5.5.5.5, 00:00:40 ago, via GigabitEthernet2
      Route metric is 5, traffic share count is 1

R1 uses 192.168.12.2 (R2) as its next hop, which is installed in the forwarding table:

R1#show ip cef 5.5.5.5
5.5.5.5/32
  nexthop 192.168.12.2 GigabitEthernet2

Right now, when R2 fails, R1 has to re-run SPF to figure out a new path.

With LFA FRR

Let’s enable fast reroute with the fast-reroute command:

R1(config)#router ospf 1
R1(config-router)#fast-reroute ?
  keep-all-paths  Keep LFA FRR audit trail
  per-prefix      Per-prefix LFA FRR parameters

This router only supports per-prefix LFA. We’ll talk about “keep-all-paths” in a bit. Let’s see what options we have:

R1(config-router)#fast-reroute per-prefix enable ?
  area             Area to enable LFA FRR in
  prefix-priority  Priority of prefixes to be protected

Let’s configure the area we want to protect, area 0 in our case:

R1(config-router)#fast-reroute per-prefix enable area 0 ?
  prefix-priority  Priority of prefixes to be protected

The other thing we have to configure is the priority:

R1(config-router)#fast-reroute per-prefix enable area 0 prefix-priority ?
  high  High priority prefixes
  low   Low priority prefixes

There are two options; high and low. When you select the high priority, OSPF treats loopback and /32 prefixes with higher priority, calculating an LFA for these a bit earlier than other prefixes. When you select the low priority, it just calculates an LFA for all prefixes. Let’s go for the low priority option:

R1(config-router)#fast-reroute per-prefix enable area 0 prefix-priority low

That’s all there is to configure. There is one more command I’d like to show you though:

R1(config-router)#fast-reroute keep-all-paths

When you add this command, OSPF keeps track of all paths…not only the primary path and backup path but all paths that it considered but has not selected. First, let’s look at the routing table:

R1#show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
  Known via "ospf 1", distance 110, metric 5, type intra area
  Last update from 192.168.12.2 on GigabitEthernet2, 00:00:53 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 5.5.5.5, 00:00:53 ago, via GigabitEthernet2
      Route metric is 5, traffic share count is 1
      Repair Path: 192.168.13.3, via GigabitEthernet3

Above we see that R1 has selected R2 as the primary path and R3 as a backup path. Let’s look at the forwarding table:

R1#show ip cef 5.5.5.5
5.5.5.5/32
  nexthop 192.168.12.2 GigabitEthernet2
    repair: attached-nexthop 192.168.13.3 GigabitEthernet3

In the forwarding table, we find the repair next hop as well. Excellent! R4 could also be selected as a backup path but R1 preferred R3. We can see a list of all possible backup paths with the following command:

R1#show ip ospf rib 5.5.5.5

            OSPF Router with ID (1.1.1.1) (Process ID 1)


                Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator

*>  5.5.5.5/32, Intra, cost 5, area 0
     SPF Instance 23, age 21:03:19
     Flags: RIB, HiPrio
      via 192.168.12.2, GigabitEthernet2 label 1048578
       Flags: RIB
       LSA: 1/5.5.5.5/5.5.5.5
      repair path via 192.168.13.3, GigabitEthernet3 label 1048578, cost 7
       Flags: RIB, Repair, IntfDj, BcastDj, CostWon, NodeProt, Downstr
       LSA: 1/5.5.5.5/5.5.5.5
      repair path via 192.168.14.4, GigabitEthernet4, cost 9
       Flags: Ignore, Repair, IntfDj, BcastDj, NodeProt
       LSA: 1/5.5.5.5/5.5.5.5

The output above is pretty neat. It shows us the primary path, the backup path, and the ignored path through R4. The information about R4 only shows up because I added the fast-reroute keep-all-paths command.

Tie Breakers

As explained in the first part of this lesson, LFA FRR uses tie breakers to decide which backup path to use. These are similar to the attributes BGP uses. On my CSR1000V router, the following tie breakers are active with the following priorities:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 800 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
519 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene,
    Very nice lesson. You are the BOSS as always!!

    So can we deploy LFA-FRR for Inter-Area/External Prefix ?? Thx

    br//zaman

  2. Hello Zaman

    LFA-FFR for OSPF is defined in RFC 5286. According to this RFC there are several situations where LFA-FRR should not be used for Inter-area and external routes. For example, on Page 7 of the RFC it states the situations where inter-area routes and external routes should not use LFAs.

    I hope this has been helpful!

    Laz

  3. Hi Laz ,
    Thanks for your valuable reply .
    I cant understand the tie breakers . It will check one by one like BGP attribute do ??

    R1#show running-config all | incl break
     fast-reroute per-prefix tie-break primary-path index 10
     fast-reroute per-prefix tie-break interface-disjoint index 20
     fast-reroute per-prefix tie-break lowest-metric index 30
     fast-reroute per-prefix tie-break linecard-disjoint index 40
     fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50 
    

    Could you please help me to understand clearly ?

    br//zaman

  4. Hello Zaman

    The tie breakers will be checked based on the number found after the index keyword. That number is essentially a priority index. The lower the number, the more important the attribute. So the order the attributes will be checked will be in ascending order of the index number.

    Each tie breaker will eliminate paths with specific attributes. The attributes indicated in your example eliminate the following paths:

    Primary-path—Eliminates candidates that are not ECMPs
    Interface-disjoint—Eliminates candidates sharing the same interface with the protect

    ... Continue reading in our forum

  5. Hello Rene,

    Great lesson as always and very helpful to understand. Please let me know what router and IOS version I can use to test in GNS3.

    Thanks
    Hamood

39 more replies! Ask a question or join the discussion by visiting our Community Forum