OSPF Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)

OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR) is a technique where our router is able to pre-install a backup next hop in the routing table and CEF table, making failover very fast (< 50 MS). In some topologies, however, this is not possible. Before you continue with this lesson, make sure you are very familiar with MPLS VPN.

Let’s start with a quick example:

Ospf Problematic Lfa Frr Topology

Above we have a bunch of routers. Behind R6 we have a loopback interface with IP address 6.6.6.6/32. We use Gigabit interfaces everywhere with the default cost. Let’s focus on R1.

R1 has two paths to get to 6.6.6.6/32:

  • R1 > R5 > R6
  • R1 > R2 > R3 > R4 > R5 > R6

The path through R5 is the shortest path, so R5 becomes our next hop. You might think that R2 could be used as a backup path, but that’s not the case. Why? Because R2’s shortest path is through R1:

Ospf Mpls Remote Lfa R2 Traffic

R3 however, is using R4 as its next hop:

Ospf Mpls Remote Lfa R3 Traffic

If only there were a way so we could use R3 as a next hop…bypassing R2. Luckily, there is! We can use tunneling to get directly from R1 to R3, bypassing R2:

Ospf Mpls Remote Lfa Topology R1 R3

This tunneling method to a remote router to use it as an alternate backup path is called remote LFA (Loop-Free Alternate) FRR (Fast Reroute).  A targeted MPLS LDP session between the two routers is used for the tunnel.

Why did R1 select R3?

To understand this, we first have to talk about some remote LFA terminology:

  • P space: these are the routers that R1 can reach without using the failed link. This can be calculated by running SPT with R1 as the root. From R1’s perspective, R2 and R3 belong to the P space since it would use its Gigabit 2 interface to reach these two routers.
  • Q space: these are the routers that can reach R5 without using the failed link. To figure this out, you have to run SPT with R5 as the root. R5 uses its Gigabit 3 interface to reach R3 and R4, so these two routers belong to the Q space.
  • PQ node: this is the router that belongs to both the P and Q space. In our topology, R3 belongs to both the P and Q space, so this router is selected as the PQ node. The PQ node is used as the endpoint for our tunnel.

Now you know why remote LFA is needed and how the remote tunnel endpoint is selected. Let’s look at this in action.

Configuration

Here is the topology we will use:

Ospf Remote Lfa Topology

It’s the same topology as before, but I added network and IP addresses. Each router has a loopback interface which is needed because remote LFA uses a targeted LDP session between the two tunnel endpoints. All interfaces are advertised in OSPF area 0.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

R1

hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.12.1 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.15.1 255.255.255.0
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 0
!
end

R2

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.12.2 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.23.2 255.255.255.0
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 0
!
end

R3

hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.34.3 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
 network 192.168.34.0 0.0.0.255 area 0
!
end

R4

hostname R4
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.34.4 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
end

R5

hostname R5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.15.5 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.45.5 255.255.255.0
!
interface GigabitEthernet4
 ip address 192.168.56.5 255.255.255.0
!
router ospf 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.15.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
end

R6

hostname R6
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.56.6 255.255.255.0
!
router ospf 1
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
end


The tunnel uses MPLS LDP, so the first thing we should do is enable MPLS LDP on all interfaces. You can do this with the mpls ip command on each interface or enable MPLS on all interfaces that run OSPF:

R1, R2, R3, R4, R5 & R6
(config-router)#mpls ldp autoconfig area 0

MPLS LDP forms neighbor adjacencies with directly connected neighbors, but in our case, we need an MPLS LDP neighbor adjacency between R1 and R3 who are not directly connected. By default, routers reject targeted MPLS LDP hello requests from non-directly connected routers. This is something we have to enable:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 799 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
541 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene,

    Regarding the remote LFA version, when you say “P Space: these are the routers that R1 can reach without using the failed link”, do you mean that, under normal operations, these are the routers that R1 is able to reach without using the link that might fail? Otherwise, why not add R4 to the P Space?

    The same question applies for the Q Space.

    I’ve posted my question here because I don’t see a dedicated discussion for the remote LFA.

    Thanks,
    LP

  2. Hello Luis

    The official definition according to RFC 4790 is the following:

      The P-space of a router with respect to a protected link is the
      set of routers reachable from that specific router using the pre-
      convergence shortest paths without any of those paths (including
      equal-cost path splits) transiting that protected link.
    
      For example, the P-space of S with respect to link S-E is the set
      of routers that S can reach without using the protected link S-E.
    

    So for R1, the routers that are reachable without the use of the failed link are R2 and R3 un

    ... Continue reading in our forum

  3. Remote LFA and LFA , these are 2 separate terms …right …

    can u describe little bit difference between them…??

  4. Hello Narad

    In short, an LFA is a next-hop route that delivers a packet to its destination without looping back.

    A Loop-Free Alternate (LFA) is a concept that is used in various technologies, including OSPF, other routing protocols, as well as in MPLS. An LFA is a node other than the primary neighbor, or the primary next hop. It is a backup of sorts. Traffic is immediately directed towards the LFA after a network failure. The LFA will receive traffic and will continue to forward it without any knowledge of a failure. LFAs always use a directly connected ne

    ... Continue reading in our forum

  5. Here we did enable LFA FRR because as the article says we do need to enable it for remote LFA FRR.
    Question:
    What will happen when both LFA and remote LFA options are available.
    *I am guessing that normal LFA will be used because remote LFA was introduced only to deal with situations where normal LFA option cannot be used. Kindly elaborate.

3 more replies! Ask a question or join the discussion by visiting our Community Forum