Created by - Orhan Ergun
Segment Routing Fast Reroute – Traffic Engineering with Segment Routing uses LFA mechanism to provide 50 msec fast reroute capability. Current Segment Routing implementation for the OSPF uses regular LFA (Loop Free Alternate) for fast reroute in Cisco devices. Because LFA (Loop Free Alternate) has topology limitations, it does not include many faulty scenarios. On the other hand, the IS-IS supports topology independent LFA and TI-LFA covers every faulty scenario. As of today, Segment Routing is enabled on ASR9000 and CRS1/3. Cisco NXOS software supports Segment Routing. Indeed, you do not need to configure tunnels, complex link, or node protection configuration to use LFA to provide fast reroute capability. At the background, SPF runs twice for the destination prefixes, which must be protected to calculate the loop free path. First, SPF finds the shortest path by calculating the primary path from the local router to the final router; second, SPF runs on the same router to find a loop free backup path. The backup path is installed and used on the FIB as soon as any glitch is detected. This is how LFA works, as it is not specific to Segment Routing. You may think that all these steps are quite intensive for the CPU. On the contrary, it is not. After the first SPF runs on the local router, the same router runs the second SPF from its adjacent neighbor point of view (OSPF and IS-IS have complete topology information with an area). The disadvantage of MPLS TE-FRR is not only its complexity, but also its similarity with SONET/SDH ring protection. Figure - MPLS traffic engineering vs segment routing In the topology shown above, R1-R2-R4-R7 is the primary path for the traffic between R1 and R8. If we set up MPLS Traffic Engineering link protection for the R2-R4 link, R2-R3-R4-R5-R6 will be the protection path. When the link between R2 and R4 fails, PLR (Point of Local Repair) will send the traffic to the alternate TE tunnel. In addition, the tunnel will travel to the MP (Merge Point), R4, and continue towards its final destination. Immediately IGP converges, Head End/R1 signals the new optimized LSP – R1-R2-R3-R5-R6-R8 – and the traffic travels to the new optimized LSP. If you use Segment Routing in the above topology, R2 could use R3 as LFA because R3 will not send the traffic to R2 or to the destination before R8. What’s more, the traffic would follow the R1-R2-R3-R5-R8 path instead of R5-R6-R4-R7-R8. Besides, two additional hops would not be passed. MPLS Traffic Engineering cannot use ECMP.To have ECMP capability, you need to create two parallel TE tunnels between the Head and the Tail End. As for the Segment Routing, Node/Prefix SID is flooded throughout the domain, and all the intermediate devices use ECMP paths. Node and Prefix SID is the same thing and assigned for the device loopbacks.
Published - Tue, 26 Nov 2019
Created by - Orhan Ergun
Packet loss with fast reroute - Do we still lose packet with fast reroute? One of my students asked me this question. And I would like to share the answer with everyone. Before we discuss whether or not we lose packet with fast reroute mechanisms, let’s remember what fast reroute is. It is pertinent to know that fast reroute is not the same as fast convergence. With fast convergence, we can touch protocol timers, squeeze them, and maybe tweak FIB prefix instalment method in order to install golden prefixes before the link prefixes. And in the end, we have less than a second convergence time. This may be enough for your network applications. But note that with fast convergence, a backup path is not pre-installed in the FIB. Fast reroute can provide 50ms convergence time. Yes, it can. And this is the most important difference from the end result point of view. But from the technology implementation point of view, the difference is that with fast reroute, a backup path is pre-installed in the FIB (Forwarding Information Base). So, if your fast reroute mechanism works based on a tunnel (Some FRR mechanisms don’t require a tunnel), a backup tunnel is pre-installed. And that is why fast reroute is known as a proactive, fast convergence is a reactive protection method. Let’s take a look at the question again. Do we still lose packet with fast reroute? The answer is YES. As I said, fast reroute can provide 50ms convergence time depending on mainly the fast failure detection time. This 50ms is the time between the failure and success of using a backup path. All the traffic in this 50 ms is lost. The application timeout can tolerate this. But I think it is important to know that there will be packet loss with fast reroute. Let's discuss more detail in my Instructor Led CCDE Training!
Published - Tue, 26 Nov 2019