OSPF Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)

Lesson Contents

OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR) is a technique where our router is able to pre-install a backup next hop in the routing table and CEF table, making failover very fast (< 50 MS). In some topologies, however, this is not possible. Before you continue with this lesson, make sure you are very familiar with MPLS VPN.

Let’s start with a quick example:

Above we have a bunch of routers. Behind R6 we have a loopback interface with IP address 6.6.6.6/32. We use Gigabit interfaces everywhere with the default cost. Let’s focus on R1.

R1 has two paths to get to 6.6.6.6/32:

R1 > R5 > R6
R1 > R2 > R3 > R4 > R5 > R6

The path through R5 is the shortest path, so R5 becomes our next hop. You might think that R2 could be used as a backup path, but that’s not the case. Why? Because R2’s shortest path is through R1:

R3 however, is using R4 as its next hop:

If only there were a way so we could use R3 as a next hop…bypassing R2. Luckily, there is! We can use tunneling to get directly from R1 to R3, bypassing R2:

This tunneling method to a remote router to use it as an alternate backup path is called remote LFA (Loop-Free Alternate) FRR (Fast Reroute). A targeted MPLS LDP session between the two routers is used for the tunnel.

Why did R1 select R3?

To understand this, we first have to talk about some remote LFA terminology:

P space: these are the routers that R1 can reach without using the failed link. This can be calculated by running SPT with R1 as the root. From R1’s perspective, R2 and R3 belong to the P space since it would use its Gigabit 2 interface to reach these two routers.
Q space: these are the routers that can reach R5 without using the failed link. To figure this out, you have to run SPT with R5 as the root. R5 uses its Gigabit 3 interface to reach R3 and R4, so these two routers belong to the Q space.
PQ node: this is the router that belongs to both the P and Q space. In our topology, R3 belongs to both the P and Q space, so this router is selected as the PQ node. The PQ node is used as the endpoint for our tunnel.

Now you know why remote LFA is needed and how the remote tunnel endpoint is selected. Let’s look at this in action.

Configuration

Here is the topology we will use:

It’s the same topology as before, but I added network and IP addresses. Each router has a loopback interface which is needed because remote LFA uses a targeted LDP session between the two tunnel endpoints. All interfaces are advertised in OSPF area 0.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.12.1 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.15.1 255.255.255.0
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 0
!
end

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.12.2 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.23.2 255.255.255.0
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 0
!
end

hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.34.3 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
 network 192.168.34.0 0.0.0.255 area 0
!
end

hostname R4
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.34.4 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
end

hostname R5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.15.5 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.45.5 255.255.255.0
!
interface GigabitEthernet4
 ip address 192.168.56.5 255.255.255.0
!
router ospf 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.15.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
end

hostname R6
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface GigabitEthernet2
 ip address 192.168.56.6 255.255.255.0
!
router ospf 1
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
end

The tunnel uses MPLS LDP, so the first thing we should do is enable MPLS LDP on all interfaces. You can do this with the mpls ip command on each interface or enable MPLS on all interfaces that run OSPF:

R1, R2, R3, R4, R5 & R6
(config-router)#mpls ldp autoconfig area 0

MPLS LDP forms neighbor adjacencies with directly connected neighbors, but in our case, we need an MPLS LDP neighbor adjacency between R1 and R3 who are not directly connected. By default, routers reject targeted MPLS LDP hello requests from non-directly connected routers. This is something we have to enable:

Forum Replies

Hi Rene,

Regarding the remote LFA version, when you say “P Space: these are the routers that R1 can reach without using the failed link”, do you mean that, under normal operations, these are the routers that R1 is able to reach without using the link that might fail? Otherwise, why not add R4 to the P Space?

The same question applies for the Q Space.

I’ve posted my question here because I don’t see a dedicated discussion for the remote LFA.

Thanks,
LP

Hello Luis

The official definition according to RFC 4790 is the following:

  The P-space of a router with respect to a protected link is the
  set of routers reachable from that specific router using the pre-
  convergence shortest paths without any of those paths (including
  equal-cost path splits) transiting that protected link.

  For example, the P-space of S with respect to link S-E is the set
  of routers that S can reach without using the protected link S-E.

So for R1, the routers that are reachable without the use of the failed link are R2 and R3 un

... Continue reading in our forum

Remote LFA and LFA , these are 2 separate terms …right …

can u describe little bit difference between them…??

Hello Narad

In short, an LFA is a next-hop route that delivers a packet to its destination without looping back.

A Loop-Free Alternate (LFA) is a concept that is used in various technologies, including OSPF, other routing protocols, as well as in MPLS. An LFA is a node other than the primary neighbor, or the primary next hop. It is a backup of sorts. Traffic is immediately directed towards the LFA after a network failure. The LFA will receive traffic and will continue to forward it without any knowledge of a failure. LFAs always use a directly connected ne

... Continue reading in our forum

Here we did enable LFA FRR because as the article says we do need to enable it for remote LFA FRR.
Question:
What will happen when both LFA and remote LFA options are available.
*I am guessing that normal LFA will be used because remote LFA was introduced only to deal with situations where normal LFA option cannot be used. Kindly elaborate.

3 more replies! Ask a question or join the discussion by visiting our Community Forum

Configuration

We're Sorry, Full Content Access is for Members Only...

Forum Replies