OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR) allows OSPF to quickly switch (within 50 ms) to a backup path when a primary path fails. Without LFA FRR, OSPF has to re-run SPF to find a new path when the primary path fails. With LFA FRR, OSPF pre-computes a backup path and installs the backup next hop in the forwarding table.
If you have seen my EIGRP LFA FRR lesson, you know that EIGRP uses its feasible successors as backup paths. OSPF doesn’t have the concept of feasible successors but it does have another trick up its sleeve. As a link-state routing protocol, all routers in the same area share the same LSDB. This allows OSPF to run SPF with any other router in the area as the root, finding usable backup paths.
IGPs have two methods to calculate LFAs:
- Per-link: all prefixes that are reachable through a certain link all share the same next hop address. An IGP can calculate a backup next hop for all prefixes that use the same link. When the link fails, all prefixes will automatically be assigned to use the same backup next hop address. The advantage of per link LFA is that it requires fewer CPU cycles and memory than per-prefix LFA. The downside, however, is that once the primary link fails, you suddenly put a lot of burden on the backup link.
- Per-prefix: the IGP calculates an LFA for each and every prefix. It requires more CPU cycles and memory but it does offer better load balancing. When a primary path fails, prefixes could use different backup paths, spreading the traffic throughout the network.
When OSPF has to select a backup path, it doesn’t just look for the “next best” lowest metric path but it uses a list of “tie breakers” to decide what path to use. This process is a bit similar to how BGP uses attributes. OSPF is able to use the following tie breakers:
- SRLG (Shared Risk Link Groups): this is a group of interfaces that have a high likelihood of failing at the same time. For example, VLAN interfaces that use the same physical interface. When one logical interface goes down, it’s very likely that the other logical interfaces on the same physical interface go down too. In the EIGRP LFA FRR lesson, you can find a configuration example for SRLG.
- Interface Protection: don’t select an LFA that uses the same outgoing interface as the primary path.
- Broadcast Interface Protection: don’t select backup paths that use the same broadcast network as the primary path. With a broadcast network (most likely a switch), you can have different next hops but you still use the same link. When the switch fails, there is a risk that both the primary and backup path are both unreachable.
- Node Protection: don’t select a backup path that uses the same next-hop router as your primary path. I will demonstrate this one in the configuration section where it’s explained in detail.
- Downstream Path: this is very similar to the EIGRP feasible successor rule. A neighbor should have a smaller metric to the destination as the total metric of our primary path. This attribute is added since traffic sent over backup paths might loop for a short time until OSPF recalculates the primary path.
- Line-Card Disjoint Interfaces: this is similar to SRLGs, don’t use backup paths that use the same line card as the primary path.
- Metric: the best backup path might not be the one with the lowest metric next to the primary path, which is why we have all these tie breaker attributes. However, you can still use the lowest metric as one of the tie breakers.
- Equal-Cost Multipath:
- Primary: prefer a backup path that is part of ECMP (equal cost multipath).
- Secondary: prefer a backup path is not part of ECMP. This can be useful if a single link in ECMP is unable to handle all traffic. Imagine you have 2x 100 Mbit interfaces carrying about 150 Mbit of traffic. When one of the links fails, a single link will be unable to transmit everything. In this case, it’s best not to use the remaining link of the ECMP as a backup path.
Let’s take a look at OSPF LFA FRR in action. We have the following topology:
There are five routers in total. We focus on R1 that wants to reach 22.214.171.124/32 behind R5. There are three paths. The shortest path is through R2; R3 and R4 could be used as backup paths.
Want to take a look for yourself? Here you will find the startup configuration of each device.
hostname R1 ! interface GigabitEthernet2 ip address 192.168.12.1 255.255.255.0 ip ospf cost 2 ! interface GigabitEthernet3 ip address 192.168.13.1 255.255.255.0 ip ospf cost 3 ! interface GigabitEthernet4 ip address 192.168.14.1 255.255.255.0 ip ospf cost 4 ! router ospf 1 router-id 126.96.36.199 fast-reroute per-prefix enable area 0 prefix-priority low fast-reroute keep-all-paths network 192.168.12.0 0.0.0.255 area 0 network 192.168.13.0 0.0.0.255 area 0 network 192.168.14.0 0.0.0.255 area 0 ! end
hostname R2 ! interface GigabitEthernet2 ip address 192.168.12.2 255.255.255.0 ip ospf cost 2 ! interface GigabitEthernet3 ip address 192.168.25.2 255.255.255.0 ip ospf cost 2 ! router ospf 1 router-id 188.8.131.52 network 192.168.12.0 0.0.0.255 area 0 network 192.168.25.0 0.0.0.255 area 0 ! end
hostname R3 ! interface GigabitEthernet2 ip address 192.168.13.3 255.255.255.0 ip ospf cost 3 ! interface GigabitEthernet3 ip address 192.168.35.3 255.255.255.0 ip ospf cost 3 ! router ospf 1 router-id 184.108.40.206 network 192.168.13.0 0.0.0.255 area 0 network 192.168.35.0 0.0.0.255 area 0 ! end
hostname R4 ! interface GigabitEthernet2 ip address 192.168.14.4 255.255.255.0 ip ospf cost 4 ! interface GigabitEthernet3 ip address 192.168.45.43 255.255.255.0 ip ospf cost 4 ! router ospf 1 router-id 220.127.116.11 network 192.168.14.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 ! end
hostname R5 ! interface Loopback0 ip address 18.104.22.168 255.255.255.255 ip ospf cost 1 ! interface GigabitEthernet2 ip address 192.168.25.5 255.255.255.0 ip ospf cost 1 ! interface GigabitEthernet3 ip address 192.168.35.5 255.255.255.0 ip ospf cost 10 ! interface GigabitEthernet4 ip address 192.168.45.5 255.255.255.0 ip ospf cost 10 ! router ospf 1 router-id 22.214.171.124 network 126.96.36.199 0.0.0.0 area 0 network 192.168.25.0 0.0.0.255 area 0 network 192.168.35.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 ! end
Without LFA FRR
Let’s first take a look at R1 when we don’t use LFA FRR. Here’s the routing table:
R1#show ip route 188.8.131.52 Routing entry for 184.108.40.206/32 Known via "ospf 1", distance 110, metric 5, type intra area Last update from 192.168.12.2 on GigabitEthernet2, 00:00:40 ago Routing Descriptor Blocks: * 192.168.12.2, from 220.127.116.11, 00:00:40 ago, via GigabitEthernet2 Route metric is 5, traffic share count is 1
R1 uses 192.168.12.2 (R2) as its next hop, which is installed in the forwarding table:
R1#show ip cef 18.104.22.168 22.214.171.124/32 nexthop 192.168.12.2 GigabitEthernet2
Right now, when R2 fails, R1 has to re-run SPF to figure out a new path.
With LFA FRR
Let’s enable fast reroute with the fast-reroute command:
R1(config)#router ospf 1 R1(config-router)#fast-reroute ? keep-all-paths Keep LFA FRR audit trail per-prefix Per-prefix LFA FRR parameters
This router only supports per-prefix LFA. We’ll talk about “keep-all-paths” in a bit. Let’s see what options we have:
R1(config-router)#fast-reroute per-prefix enable ? area Area to enable LFA FRR in prefix-priority Priority of prefixes to be protected
Let’s configure the area we want to protect, area 0 in our case:
R1(config-router)#fast-reroute per-prefix enable area 0 ? prefix-priority Priority of prefixes to be protected
The other thing we have to configure is the priority:
R1(config-router)#fast-reroute per-prefix enable area 0 prefix-priority ? high High priority prefixes low Low priority prefixes
There are two options; high and low. When you select the high priority, OSPF treats loopback and /32 prefixes with higher priority, calculating an LFA for these a bit earlier than other prefixes. When you select the low priority, it just calculates an LFA for all prefixes. Let’s go for the low priority option:
R1(config-router)#fast-reroute per-prefix enable area 0 prefix-priority low
That’s all there is to configure. There is one more command I’d like to show you though:
When you add this command, OSPF keeps track of all paths…not only the primary path and backup path but all paths that it considered but has not selected. First, let’s look at the routing table:
R1#show ip route 126.96.36.199 Routing entry for 188.8.131.52/32 Known via "ospf 1", distance 110, metric 5, type intra area Last update from 192.168.12.2 on GigabitEthernet2, 00:00:53 ago Routing Descriptor Blocks: * 192.168.12.2, from 184.108.40.206, 00:00:53 ago, via GigabitEthernet2 Route metric is 5, traffic share count is 1 Repair Path: 192.168.13.3, via GigabitEthernet3
Above we see that R1 has selected R2 as the primary path and R3 as a backup path. Let’s look at the forwarding table:
R1#show ip cef 220.127.116.11 18.104.22.168/32 nexthop 192.168.12.2 GigabitEthernet2 repair: attached-nexthop 192.168.13.3 GigabitEthernet3
In the forwarding table, we find the repair next hop as well. Excellent! R4 could also be selected as a backup path but R1 preferred R3. We can see a list of all possible backup paths with the following command:
R1#show ip ospf rib 22.214.171.124 OSPF Router with ID (126.96.36.199) (Process ID 1) Base Topology (MTID 0) OSPF local RIB Codes: * - Best, > - Installed in global RIB LSA: type/LSID/originator *> 188.8.131.52/32, Intra, cost 5, area 0 SPF Instance 23, age 21:03:19 Flags: RIB, HiPrio via 192.168.12.2, GigabitEthernet2 label 1048578 Flags: RIB LSA: 1/184.108.40.206/220.127.116.11 repair path via 192.168.13.3, GigabitEthernet3 label 1048578, cost 7 Flags: RIB, Repair, IntfDj, BcastDj, CostWon, NodeProt, Downstr LSA: 1/18.104.22.168/22.214.171.124 repair path via 192.168.14.4, GigabitEthernet4, cost 9 Flags: Ignore, Repair, IntfDj, BcastDj, NodeProt LSA: 1/126.96.36.199/188.8.131.52
The output above is pretty neat. It shows us the primary path, the backup path, and the ignored path through R4. The information about R4 only shows up because I added the fast-reroute keep-all-paths command.
As explained in the first part of this lesson, LFA FRR uses tie breakers to decide which backup path to use. These are similar to the attributes BGP uses. On my CSR1000V router, the following tie breakers are active with the following priorities:
Very nice lesson. You are the BOSS as always!!
So can we deploy LFA-FRR for Inter-Area/External Prefix ?? Thx
LFA-FFR for OSPF is defined in RFC 5286. According to this RFC there are several situations where LFA-FRR should not be used for Inter-area and external routes. For example, on Page 7 of the RFC it states the situations where inter-area routes and external routes should not use LFAs.
I hope this has been helpful!
Hi Laz ,
Thanks for your valuable reply .
I cant understand the tie breakers . It will check one by one like BGP attribute do ??
Could you please help me to understand clearly ?
The tie breakers will be checked based on the number found after the
indexkeyword. That number is essentially a priority index. The lower the number, the more important the attribute. So the order the attributes will be checked will be in ascending order of the index number.
Each tie breaker will eliminate paths with specific attributes. The attributes indicated in your example eliminate the following paths:
Primary-path—Eliminates candidates that are not ECMPs... Continue reading in our forum
Interface-disjoint—Eliminates candidates sharing the same interface with the protect
Great lesson as always and very helpful to understand. Please let me know what router and IOS version I can use to test in GNS3.