IS-IS Loop-Free Alternate (LFA) or Fast Reroute¶
IS-IS Loop-Free Alternate or Fast-Reroute is a method to recover a routing path upon a network failure quickly.
Overview¶
IGPs like IS-IS are designed to automatically build the routing tables, based on information exchanged between routers. The tables are automatically updated when a change happens on the network, such as when a link or router is added or removed. After a failure occurs due to an accident or planned maintenance, the routing tables temporarily contain dead routing entries. Some packets are sent to unreachable targets and are lost until the IGP converges (i.e. all the routing tables are updated with the correct routes), which can take several seconds.
Reducing the recovery time from failure is critical to networks with applications that are sensitive to loss of connectivity (e.g. live voice and video traffic). Fast Reroute is a standard mechanism defined in RFC 5286 for addressing this issue. It allows networks to use alternate paths immediately after a link or neighboring router fails, without waiting for the IGP to converge.
LFA searches for a backup (aka alternate or repair) route for each prefix using the local link-state database. Basically, the LSP computation algorithm pre-selects the best available route to the prefix after the primary route. It checks that using the route does not create a routing loop. If it does, it places the route into the RIB as an alternative. The route is actually only set into the FIB when the primary route fails. Pre-computing alternate routes allows a repair path to be set up more quickly after a failure.
Note
LFA is a mechanism, not a protocol. It does not require any additional data exchange. Its activation only benefits the local router, so it can only be activated on a part of the routers.
LFA is triggered whenever a link falls down or an IS-IS adjacency drops due to a BFD delay timeout, Hello IS-IS delay timeout, or user IS-IS neighbor flushing.
The below graphic illustrates the recovery time with and without Fast Reroute.
Fast Reroute (LFA) principle¶
A failure is detected on the primary path. LFA sets up the backup path in a few tenths of a millisecond. Then, recalculation of the IGP link-state database sets up the final path, which in most cases is the backup path.
The loss of a link or neighboring router must be detected as soon as possible to trigger LFA quickly. To do this:
where possible, links between routers should be
point-to-point. They should not pass through switches so that the physical link-state reflects the actual state of the link and the neighboring router.The use of BFD between neighbors allows for the detection of a neighbor failure before the IGP Hellos does. BFD should be enabled on each IS-IS adjacency and its timers should be set to the lowest possible value.
Two types of Fast Reroute features are available on the Virtual Service Router:
LFA (aka IP-LFA or IP-FRR) is the classic RFC 5286 mechanism. It precomputes backup routes using the IS-IS IPv4 and IPv6 link-state databases and can find alternatives for about 80% of the routes, depending on the network topology.
Topology Independent Loop-Free Alternate (TI-LFA) relies on Segment-Routing to provide repair paths for 100% of failure cases. It is a draft RFC at this time (https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-segment-routing-ti-lfa-08).
Note
Since IP LFA is not capable of finding alternatives for all the routes, we recommend the following practices to minimize routing convergence time after a failure. At a minimum, they consist of:
optimizing the network topology:
dividing the network into smaller areas (using IS-IS levels)
and using
point-to-pointlinks between routers.
Allocating enough RAM and CPU to the router control plane to quickly process the link-state updates.
Basic configuration¶
The below network topology shows a primary routing path from rt1 to rt4 and
the alternate path from LFA. Each rtX router has a loopback IP address in
the format X.X.X.X.
IS-IS network with four router instances.¶
The rt1 configuration is shown here. The highlighted command enables LFA
on the eth2 interface for the IS-IS level 1 so that alternatives to routes
via eth2 are precomputed.
rt1 running vrf main# interface physical eth2
rt1 running physical eth2#! ipv4 address 10.126.0.3/24
rt1 running physical eth2# port pci-b0s5
rt1 running physical eth2# ..
rt1 running interface# physical eth1
rt1 running physical eth1#! ipv4 address 10.130.0.3/24
rt1 running physical eth1# port pci-b0s4
rt1 running physical eth1# ..
rt1 running interface# loopback loop1
rt1 running loopback loop1# ipv4 address 1.1.1.1/32
rt1 running loopback loop1# .. ..
rt1 running vrf main# routing
rt1 running routing# interface loop1
rt1 running interface loop1# isis area-tag 1
rt1 running interface loop1# isis ipv4-routing true
rt1 running interface loop1# ..
rt1 running routing# interface eth2
rt1 running interface eth2# isis area-tag 1
rt1 running interface eth2# isis ipv4-routing true
rt1 running interface eth2# isis network-point-to-point true
rt1 running interface eth2# isis hello interval level-1 1
rt1 running interface eth2# isis hello multiplier level-1 3
rt1 running interface eth2# isis fast-reroute lfa level-1
rt1 running lfa level-1# enabled true
rt1 running lfa level-1# .. .. ..
rt1 running interface eth2# ..
rt1 running routing# interface eth1
rt1 running interface eth1# isis area-tag 1
rt1 running interface eth1# isis ipv4-routing true
rt1 running interface eth1# isis network-point-to-point true
rt1 running interface eth1# isis hello interval level-1 1
rt1 running interface eth1# isis hello multiplier level-1 3
rt1 running interface eth1# isis metric level-1 20
rt1 running interface eth1# ..
rt1 running routing# isis instance 1
rt1 running instance 1# is-type level-1
rt1 running instance 1# area-address 49.0000.0007.e901.3333.00
rt1 running instance 1# lsp timers level-1
rt1 running level-1# generation-interval 1 refresh-interval 900 maximum-lifetime 1200
rt1 running level-1# .. .. ..
rt1 running instance 1# redistribute ipv4 connected level-1
rt1 running ipv4 connected level-1# .. ..
rt1 running instance 1#
The example will show that shutting down an opposite link on the neighboring router triggers the LFA route failover because there is no switch device between the two. An IS-IS BFD configuration would also be required to detect other cases of adjacency failure before the IS-IS Hello timeout is exceeded. See Using BFD with ISIS for more information.
Note
In the example, a delay of 15s is added before the SPF recomputation when the topology changes. It allows time to notice the result of an LFA change itself. No delay is necessary under normal conditions.
rt1 running config# vrf main
rt1 running vrf main# routing isis instance 1
rt1 running instance 1# spf ietf-backoff-delay
rt1 running ietf-backoff-delay#! init-delay 15000 short-delay 0 long-delay 0 hold-down 0 time-to-learn 0
rt1 running ietf-backoff-delay#
Pre-computed LFA backup routes are available via the eth1 interface.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
3.3.3.3/32 40 eth1 10.130.0.1 -
4.4.4.4/32 40 eth1 10.130.0.1 -
10.125.0.0/24 30 eth1 10.130.0.1 -
10.126.0.0/24 40 eth1 10.130.0.1 -
The RIB output contains backup routes prefixed by the b code.
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 01:41:33
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:07:09
* via 10.130.0.1, eth1, weight 1, 00:07:09
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:23
b via 10.130.0.1, eth1, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:23
b via 10.130.0.1, eth1, weight 1
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:23
b via 10.130.0.1, eth1, weight 1
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, backup 0, 00:01:23
b via 10.130.0.1, eth1, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 01:41:33
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:07:09
via 10.130.0.1, eth1 inactive, weight 1, 00:07:09
C>* 10.130.0.0/24 is directly connected, eth1, 01:41:33
Note
The Virtual Service Router applies, by default, a metric of 10 on loopback interfaces that is added to the sum of link metrics when calculating the path. There is no standard for IS-IS loopback metrics. Some vendors apply, for instance, a metric of 0. We recommend setting consistent loopback metrics across the IS-IS routers.
The rt3 eth1 interface is shut down, causing the rt1 eth2 link to go
down. Highlighted routes that were backups are now primary.
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 01:43:19
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:08:55
* via 10.130.0.1, eth1, weight 1, 00:08:55
I>* 3.3.3.3/32 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:08
I>* 4.4.4.4/32 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:08
I>* 10.125.0.0/24 [115/30] via 10.130.0.1, eth1, weight 1, 00:00:08
I>* 10.126.0.0/24 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:08
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:08:55
via 10.130.0.1, eth1 inactive, weight 1, 00:08:55
C>* 10.130.0.0/24 is directly connected, eth1, 01:43:19
After the recomputation of SPF, the IS-IS routes are refreshed.
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 01:43:30
I>* 2.2.2.2/32 [115/30] via 10.130.0.1, eth1, weight 1, 00:00:04
I>* 3.3.3.3/32 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:04
I>* 4.4.4.4/32 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:04
I>* 10.125.0.0/24 [115/30] via 10.130.0.1, eth1, weight 1, 00:00:04
I>* 10.126.0.0/24 [115/40] via 10.130.0.1, eth1, weight 1, 00:00:19
I 10.130.0.0/24 [115/40] via 10.130.0.1, eth1 inactive, weight 1, 00:00:04
C>* 10.130.0.0/24 is directly connected, eth1, 01:43:30
Advanced configuration¶
Backup route load sharing¶
rt5 is added to the previous topology. The example will show that backup
route load-sharing (aka ECMP) is possible and enabled by default.
IS-IS network with five instances.¶
rt1 eth3 is configured.
rt1 running vrf main# interface physical eth3
rt1 running physical eth3#! ipv4 address 10.127.0.3/24
rt1 running physical eth3# port pci-b0s6
rt1 running physical eth3# .. ..
rt1 running vrf main# routing
rt1 running routing# interface eth3
rt1 running interface eth3# isis area-tag 1
rt1 running interface eth3# isis ipv4-routing true
rt1 running interface eth3# isis hello interval level-1 1
rt1 running interface eth3# isis hello multiplier level-1 3
rt1 running interface eth3# isis metric level-1 20
A new backup route is now on eth3.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
3.3.3.3/32 40 eth1 10.130.0.1 -
eth3 10.127.0.4 -
4.4.4.4/32 40 eth1 10.130.0.1 -
eth3 10.127.0.4 -
10.125.0.0/24 30 eth1 10.130.0.1 -
eth3 10.127.0.4 -
10.126.0.0/24 40 eth1 10.130.0.1 -
eth3 10.127.0.4 -
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 02:21:09
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:02:15
* via 10.130.0.1, eth1, weight 1, 00:02:15
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0,1, 00:02:15
b via 10.130.0.1, eth1, weight 1
b via 10.127.0.4, eth3, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0,1, 00:02:15
b via 10.130.0.1, eth1, weight 1
b via 10.127.0.4, eth3, weight 1
I>* 5.5.5.5/32 [115/20] via 10.126.0.2, eth2, weight 1, 00:02:15
* via 10.127.0.4, eth3, weight 1, 00:02:15
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, backup 0,1, 00:02:15
b via 10.130.0.1, eth1, weight 1
b via 10.127.0.4, eth3, weight 1
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, backup 0,1, 00:02:15
b via 10.130.0.1, eth1, weight 1
b via 10.127.0.4, eth3, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 00:23:28
I 10.127.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:02:15
via 10.127.0.4, eth3 inactive, weight 1, 00:02:15
C>* 10.127.0.0/24 is directly connected, eth3, 00:13:35
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:02:15
via 10.130.0.1, eth1 inactive, weight 1, 00:02:15
C>* 10.130.0.0/24 is directly connected, eth1, 02:21:09
ECMP for backup routes is globally disabled.
rt1 running config# vrf main
rt1 running vrf main# routing
rt1 running routing# isis instance 1
rt1 running instance 1# fast-reroute load-sharing level-1 false
The backup routes now only use one of the two possible interfaces.
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 03:06:16
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:47:22
* via 10.130.0.1, eth1, weight 1, 00:47:22
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:02:38
b via 10.130.0.1, eth1, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0, 00:02:38
b via 10.130.0.1, eth1, weight 1
I>* 5.5.5.5/32 [115/20] via 10.126.0.2, eth2, weight 1, 00:47:22
* via 10.127.0.4, eth3, weight 1, 00:47:22
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:02:38
b via 10.130.0.1, eth1, weight 1
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, backup 0, 00:02:38
b via 10.130.0.1, eth1, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 01:08:35
I 10.127.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:47:22
via 10.127.0.4, eth3 inactive, weight 1, 00:47:22
C>* 10.127.0.0/24 is directly connected, eth3, 00:58:42
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:47:22
via 10.130.0.1, eth1 inactive, weight 1, 00:47:22
C>* 10.130.0.0/24 is directly connected, eth1, 03:06:16
LFA interface exclusion¶
LFA is still enabled on eth2 and the ECMP backup route functionality has
been re-enabled.
eth1 is excluded from the LFA backup selection process for alternatives
to primary routes via eth2.
rt1 running config# vrf main
rt1 running vrf main# routing interface eth2
rt1 running interface eth2# isis fast-reroute lfa level-1 exclude-interface eth1
rt1 running interface eth2#
The backup route via the eth1 interface is removed.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
3.3.3.3/32 40 eth3 10.127.0.4 -
4.4.4.4/32 40 eth3 10.127.0.4 -
10.125.0.0/24 30 eth3 10.127.0.4 -
10.126.0.0/24 40 eth3 10.127.0.4 -
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 03:10:59
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:52:05
* via 10.130.0.1, eth1, weight 1, 00:52:05
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:05
b via 10.127.0.4, eth3, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:05
b via 10.127.0.4, eth3, weight 1
I>* 5.5.5.5/32 [115/20] via 10.126.0.2, eth2, weight 1, 00:52:05
* via 10.127.0.4, eth3, weight 1, 00:52:05
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:05
b via 10.127.0.4, eth3, weight 1
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, backup 0, 00:00:05
b via 10.127.0.4, eth3, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 01:13:18
I 10.127.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:52:05
via 10.127.0.4, eth3 inactive, weight 1, 00:52:05
C>* 10.127.0.0/24 is directly connected, eth3, 01:03:25
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:52:05
via 10.130.0.1, eth1 inactive, weight 1, 00:52:05
C>* 10.130.0.0/24 is directly connected, eth1, 03:10:59
Excluding some interfaces from the computation of LFA can be used on sub-interfaces sharing the same risk. For example, assuming that the primary and backup routes are on VLAN sub-interfaces of the same physical interface, excluding the VLAN interfaces from the calculation of LFA is useful for promoting backup routes via another interface that will not share the same physical interface.
LFA route filtering¶
By default, LFA processes all prefixes on its interfaces and assigns a priority to each of them:
mediumfor all host prefixes (i.e./32IPv4 and/128IPv6 host prefixes)lowfor all others.
LFA is configured to only compute backup routes for prefixes of medium and
higher priority.
rt1 running config# vrf main
rt1 running vrf main# routing isis instance 1
rt1 running instance 1# fast-reroute priority-limit level-1 medium
Only the loopback addresses now have backup routes.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
3.3.3.3/32 40 eth3 10.127.0.4 -
4.4.4.4/32 40 eth3 10.127.0.4 -
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 03:17:24
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 00:58:30
* via 10.130.0.1, eth1, weight 1, 00:58:30
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:27
b via 10.127.0.4, eth3, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:27
b via 10.127.0.4, eth3, weight 1
I>* 5.5.5.5/32 [115/20] via 10.126.0.2, eth2, weight 1, 00:58:30
* via 10.127.0.4, eth3, weight 1, 00:58:30
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, 00:01:05
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, 00:01:05
C>* 10.126.0.0/24 is directly connected, eth2, 01:19:43
I 10.127.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:58:30
via 10.127.0.4, eth3 inactive, weight 1, 00:58:30
C>* 10.127.0.0/24 is directly connected, eth3, 01:09:50
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 00:58:30
via 10.130.0.1, eth1 inactive, weight 1, 00:58:30
C>* 10.130.0.0/24 is directly connected, eth1, 03:17:24
The high priority is assigned to the 10.125.0.0/24 prefix using an
access-list.
rt1 running config# routing ipv4-access-list PREFIX-PRIO-ACL
rt1 running ipv4-access-list PREFIX-PRIO-ACL# remark used_for_ipv4_prefixes
rt1 running ipv4-access-list PREFIX-PRIO-ACL# seq 5 permit 10.125.0.0/24
rt1 running ipv4-access-list PREFIX-PRIO-ACL# /
rt1 running config# vrf main routing isis instance 1
rt1 running instance 1# spf prefixes-priorities high access-list-name PREFIX-PRIO-ACL
Note
Using IPv4 and IPv6 LFA filtering at the same time requires the use of the same access-list name for both IP versions.
A backup route is now present in the RIB for the 10.125.0.0/24 prefix.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
3.3.3.3/32 40 eth3 10.127.0.4 -
4.4.4.4/32 40 eth3 10.127.0.4 -
10.125.0.0/24 30 eth3 10.127.0.4 -
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 03:21:55
I>* 2.2.2.2/32 [115/30] via 10.126.0.2, eth2, weight 1, 01:03:01
* via 10.130.0.1, eth1, weight 1, 01:03:01
I>* 3.3.3.3/32 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:02
b via 10.127.0.4, eth3, weight 1
I>* 4.4.4.4/32 [115/30] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:02
b via 10.127.0.4, eth3, weight 1
I>* 5.5.5.5/32 [115/20] via 10.126.0.2, eth2, weight 1, 01:03:01
* via 10.127.0.4, eth3, weight 1, 01:03:01
I>* 10.125.0.0/24 [115/20] via 10.126.0.2, eth2, weight 1, backup 0, 00:01:02
b via 10.127.0.4, eth3, weight 1
I 10.126.0.0/24 [115/20] via 10.126.0.2, eth2 inactive, weight 1, 00:01:46
C>* 10.126.0.0/24 is directly connected, eth2, 01:24:14
I 10.127.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 01:03:01
via 10.127.0.4, eth3 inactive, weight 1, 01:03:01
C>* 10.127.0.0/24 is directly connected, eth3, 01:14:21
I 10.130.0.0/24 [115/40] via 10.126.0.2, eth2, weight 1, 01:03:01
via 10.130.0.1, eth1 inactive, weight 1, 01:03:01
C>* 10.130.0.0/24 is directly connected, eth1, 03:21:55
TI-LFA configuration¶
TI-LFA advantage over classic IP LFA¶
IP LFA provides backup entries for IPv4 and IPv6 routing tables. By definition, a failover to a backup route should not create a routing loop. That is to say, on the alternate routing path, no router should forward a packet on the input interface. However routing backwards sometimes happens, when the best metric to the destination is lower via the ingress interface. Depending on the topology, about 20% of the cases are not covered because of this problem.
In the diagram below, the primary route on rt1 to rt4 via rt2 has a path
metric of 50 and the candidate one via rt3, 120. If the rt1 to rt2 link
fails, this route will send packets to rt3. When LFA is applied, the
SPF recomputation has not yet occured. rt3 is not aware of the link failure.
The path to rt4 via rt1 and rt2 has a metric of 80. Although the path is
dead, it is selected over the direct rt3 to rt4 path which has a metric of
90. Traffic is sent back to rt1 and rerouted to rt3. Because of the
routing loop, the route to rt4 on rt1 has no LFA alternates.
IS-IS network with four router instances.¶
When Segment Routing is enabled on the IS-IS topology,
the SR tables contain the complete list of segments that must be traversed to
reach each prefix. For instance, rt1 knows that in order to reach rt4, a
packet must pass through the segment rt1 to rt2 and then through the
segment from rt2 to rt4. When it sends a packet, rt1 attaches to it the
list of SIDs it must traverse. rt2 receives the packet, removes the SID
from rt1 to rt2 and forwards the packet to the next segment: rt2 to rt4.
The alternate path can be described as the segment rt1 to rt3 plus the rt3
to rt4 segment. Assuming the link rt1 to rt2 is down, rt1 could
successfully send a packet to rt4. To do so, it would attach to the packet the
SIDs of the alternative, loop-free path.
TI-LFA takes advantage of SR to offer loop-free alternative paths in all cases as soon as a deviation from a failed link or router exists.
Configuration¶
The below diagram repeats the topology of the previous figure with more
information. It shows a primary routing path from rt1 to rt4 and the
alternate path from TI-LFA.
IS-IS network with four router instances.¶
The rt1 IS-IS configuration is shown here without SR and TI-LFA for the
moment.
rt1 running config# vrf main
rt1 running vrf main# interface physical eth2
rt1 running physical eth2#! ipv4 address 10.126.0.1/24
rt1 running physical eth2# port pci-b0s5
rt1 running physical eth2# ..
rt1 running interface# physical eth1
rt1 running physical eth1#! ipv4 address 10.130.0.1/24
rt1 running physical eth1# port pci-b0s4
rt1 running physical eth1# ..
rt1 running interface# loopback loop1
rt1 running loopback loop1# ipv4 address 1.1.1.1/32
rt1 running loopback loop1# .. ..
rt1 running vrf main# routing
rt1 running routing# interface loop1
rt1 running interface loop1# isis area-tag 1
rt1 running interface loop1# isis ipv4-routing true
rt1 running interface loop1# ..
rt1 running routing# interface eth2
rt1 running interface eth2# isis area-tag 1
rt1 running interface eth2# isis ipv4-routing true
rt1 running interface eth2# isis network-point-to-point true
rt1 running interface eth2# isis hello interval level-1 1
rt1 running interface eth2# isis hello multiplier level-1 3
rt1 running interface eth1# isis metric level-1 30
rt1 running interface eth2# ..
rt1 running routing# interface eth1
rt1 running interface eth1# isis area-tag 1
rt1 running interface eth1# isis ipv4-routing true
rt1 running interface eth1# isis network-point-to-point true
rt1 running interface eth1# isis hello interval level-1 1
rt1 running interface eth1# isis hello multiplier level-1 3
rt1 running interface eth1# isis metric level-1 40
rt1 running interface eth1# ..
rt1 running routing# isis instance 1
rt1 running instance 1# is-type level-1
rt1 running instance 1# area-address 49.0000.0007.e901.1111.00
rt1 running instance 1# lsp timers level-1
rt1 running level-1# generation-interval 1 refresh-interval 900 maximum-lifetime 1200
rt1 running level-1# .. .. ..
rt1 running instance 1# redistribute ipv4 connected level-1
Classic IP LFA is enabled on the eth1 and eth2 interface for the IS-IS
level 1.
rt1 running config# vrf main
rt1 running vrf main# routing
rt1 running routing# interface eth1
rt1 running interface eth1# isis fast-reroute lfa level-1
rt1 running lfa level-1# enabled true
rt1 running lfa level-1# ..
rt1 running interface eth1# ..
rt1 running routing# interface eth2
rt1 running interface eth2# isis fast-reroute lfa level-1
rt1 running lfa level-1# enabled true
Classic LFA is not able to find backup routes for the loopback addresses.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
--------------------------------------------------------
10.126.0.0/24 110 eth1 10.130.0.1 -
10.129.0.0/24 140 eth1 10.130.0.1 -
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 00:26:50
I>* 2.2.2.2/32 [115/50] via 10.130.0.1, eth1, weight 1, 00:00:38
I>* 3.3.3.3/32 [115/40] via 10.126.0.2, eth2, weight 1, 00:00:22
I>* 4.4.4.4/32 [115/60] via 10.130.0.1, eth1, weight 1, 00:00:05
I>* 10.125.0.0/24 [115/50] via 10.130.0.1, eth1, weight 1, 00:01:46
I 10.126.0.0/24 [115/60] via 10.126.0.2, eth2 inactive, weight 1, backup 0, 00:00:05
b via 10.130.0.1, eth1, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 00:26:50
I>* 10.129.0.0/24 [115/120] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:05
b via 10.130.0.1, eth1, weight 1
I 10.130.0.0/24 [115/80] via 10.130.0.1, eth1 inactive, weight 1, backup 0, 00:00:05
b via 10.126.0.2, eth2, weight 1
C>* 10.130.0.0/24 is directly connected, eth1, 00:26:50
Classic LFA is replaced by TI-LFA and SR is enabled.
rt1 running config# vrf main
rt1 running vrf main# routing
rt1 running routing# interface eth1
rt1 running interface eth1# del isis fast-reroute lfa level-1
rt1 running interface eth1# isis fast-reroute ti-lfa level-1
rt1 running lfa level-1# enabled true
rt1 running lfa level-1# ..
rt1 running interface eth1# ..
rt1 running routing# interface eth2
rt1 running interface eth2# del isis fast-reroute lfa level-1
rt1 running interface eth2# isis fast-reroute ti-lfa level-1
rt1 running lfa level-1# enabled true
rt1 running lfa level-1# .. ..
rt1 running routing# isis instance 1
rt1 running instance 1# segment-routing
rt1 running segment-routing# enabled true
rt1 running segment-routing# msd node-msd 8
rt1 running segment-routing# prefix-sid-map 1.1.1.1/32 sid-value 11
Pre-computed TI-LFA backup routes are now available for all prefixes.
rt1> show isis route backup
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
------------------------------------------------------------------
2.2.2.2/32 140 eth2 10.126.0.2 16033/15001/16022
3.3.3.3/32 150 eth1 10.130.0.1 16044/15000
4.4.4.4/32 130 eth2 10.126.0.2 16033/15001
10.125.0.0/24 130 eth2 10.126.0.2 16033/15001
10.126.0.0/24 170 eth1 10.130.0.1 16044/15000
10.129.0.0/24 140 eth1 10.130.0.1 -
10.130.0.0/24 170 eth2 10.126.0.2 16033/15001
The RIB output contains backup routes prefixed by the b code.
rt1> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 1.1.1.1/32 is directly connected, loop1, 17:15:52
I>* 2.2.2.2/32 [115/50] via 10.130.0.1, eth1, label implicit-null, weight 1, backup 0, 00:00:02
b via 10.126.0.2, eth2, label 16033/15001/16022, weight 1
I>* 3.3.3.3/32 [115/40] via 10.126.0.2, eth2, label implicit-null, weight 1, backup 0, 00:00:02
b via 10.130.0.1, eth1, label 16044/15000, weight 1
I>* 4.4.4.4/32 [115/60] via 10.130.0.1, eth1, label 16044, weight 1, backup 0, 00:00:02
b via 10.126.0.2, eth2, label 16033/15001, weight 1
I>* 10.125.0.0/24 [115/50] via 10.130.0.1, eth1, weight 1, backup 0, 00:00:02
b via 10.126.0.2, eth2, label 16033/15001, weight 1
I 10.126.0.0/24 [115/60] via 10.126.0.2, eth2 inactive, weight 1, backup 0, 00:00:02
b via 10.130.0.1, eth1, label 16044/15000, weight 1
C>* 10.126.0.0/24 is directly connected, eth2, 17:15:52
I>* 10.129.0.0/24 [115/120] via 10.126.0.2, eth2, weight 1, backup 0, 00:00:02
b via 10.130.0.1, eth1, weight 1
I 10.130.0.0/24 [115/80] via 10.130.0.1, eth1 inactive, weight 1, backup 0, 00:00:02
b via 10.126.0.2, eth2, label 16033/15001, weight 1
C>* 10.130.0.0/24 is directly connected, eth1, 17:15:52
Fast Reroute load sharing and Fast Reroute filtering options described on the previous paragraph are also applicable to TI-LFA.