MPLS Traffic Protection (Part 2) - Primary and Secondary Paths

Primary and Secondary Paths

With MPLS traffic engineering and CSPF, TED (Traffic Engineering Database) is used to calculate the best path for LSP that meet the user defined path constraints. If a LSP is defined without configuring the primary or secondary path then the default path establish for LSP is the primary path.

Primary Path  

• Primary path configuration is optional.
• If configured, LSP must use that path
• For a single LSP maximum only one primary path can be configured
• If a LSP configures without the primary or secondary path configuration and if ingress router fails to establish any path according to path constraints that LSP will remains down.
• Primary path can be reverted. Means once the path is available the LSP automatically switch back to the primary path.

 Revertive capability of LSP primary path depends on following timers.

Retry Timer: The time ingress router waits before attempts to establish primary path again. The default time is 30 seconds 
Retry Limit: The number of attempts ingress router will try to establish the fail path. Default value is zero, which means ingress router will continuously try to establish the fail primary path. However, if we define the limit and ingress router reaches to that limit, administrator has to manually clear the LSP to establish primary path again. 
Revert-Timer: The time ingress router has to wait after primary path available. It makes sure that the primary path is completely up and stable before LSP transfer back to its primary path. The default value is 60 seconds. If the value is set to zero LSP will never revert to primary path. In this case to use the primary path again administrator has to manually clear the LSP to once again use the primary path.

Let's configure a primary path with bandwidth 300mbps.

root@PE1# show protocols mpls
label-switched-path pe1-to-pe2 {
    from 192.168.100.1;
    to 192.168.200.1;
    primary primary-path {
        bandwidth 300m;
    }
}
path primary-path;
interface ge-0/0/0.0;

The following network diagram show the primary path establish from node PE1 to node PE2.

Figure-1: Primary Path

In figure-1 the primary path successfully establishes between PE1 to PE2 with bandwidth 300mbps. We can verify this with the show mpls lsp ingress extensive command.

Figure-2: Primary Path Details

One major problem is if the primary path will go down due to the failure of link or node, the ingress router will try to establish the new primary path with 300mbps bandwidth available throughout the path, but if no other path meets the bandwidth requirements (see Figure-1) ingress router can't establish the new primary path and LSP will remain down until the previous primary path restored. For details see the "MPLS Traffic Protection (Part1)". This issue can be solved by configuring the secondary path as backup of primary path with less (or no) bandwidth requirement.

Secondary Path

• Secondary paths are optional.
• We can define zero or more secondary paths.
• LSP use the secondary path only when the primary path is not available.
• Secondary paths can be configured without a primary path configured.
• Like in primary path secondary paths can contains the multiple user define path constraints for traffic engineering.
• If multiple secondary paths are defined LSP consider each secondary path equally and activate them in the order in which they are defined. 

Let's define the secondary path along the primary path.

root@PE1# run show configuration protocols mpls
label-switched-path pe1-to-pe2 {
    from 192.168.100.1;
    to 192.168.200.1;
    primary primary-path {
        bandwidth 300m;
    }
    secondary second-path {
        bandwidth 50m;
    }
}
path primary-path;
path second-path;
interface ge-0/0/0.0;

Figure-3: Primary and Secondary Paths

Figure-3 showing the LSP pe1-to-pe2 with primary and secondary paths establish between nodes PE1 and PE2

Figure-4: Primary and Secondary Paths Details

The sample output in Figure-4 we can see the primary and secondary paths, The Active Path showing that the Primary path is currently active and in use for forwarding traffic and secondary path is currently not active, it is showing as Dn (Down).

Suppose a primary path link between routers P2 and P3 will go down. P2 will detect this failure and send the ResvTear message to ingress router (PE1). ResvTear message informs the ingress router about the failure of primary path. After receive this message ingress router will clear the primary path and try to establish the secondary path. Once secondary path successfully establishes PE1 start using the secondary path for traffic forwarding. Because the revertive nature of primary path ingress router will continuously try to establish the primary path again. Later if a fail link/node of primary path restores or ingress router finds the new primary path according to user defined path constrains the ingress router will establish the primary path and switch the traffic to new primary path.

Figure-5 explain this fail over scenario.

Figure-5: Primary Path Failure

Verify the path status

Figure-6: Secondary Path

In sample output figure-6 shows the up status of secondary path after the primary path went down. Figure 7 shows the traffic lost between primary path to secondary path switch over.

Figure-7: Traffic Lost Between Primary to Secondary Switch over

We lost the traffic during the path transaction phase this is because ingress router always establishes the secondary path only once it receive ResvTear message from its downstream routers. We can reduce this traffic lost by adding other traffic protection mechanisms like Fast Reroute.

If a fail link between the routers P2 and P3 will restore the primary path for LSP will also restore. This is due to the revertive capability of primary path. When the primary path will up again the ingress router will not signal down the secondary path immediately and continue to forward traffic on the secondary path for 60 to 90 seconds, it is mainly due to the retry timer and revert timer. Once the timers are completed and primary path is still up ingress router clear the secondary path and switch over the data traffic back to the primary path.

Figure-8: Primary and Secondary Paths are UP

Sample output in Figure-8 showing that although primary path is up but router is still using secondary path as the active path for LSP. Also focus the time stamp of events.

Figure-9 Primary UP - Secondary Down

In Figure-9 sample output we can see that when the primary path is restored the ingress router revert the primary path and also signal down the secondary path. We can also see that the time between the event "CSPF: computation result is accepted" and the "event Select as active path: due to 'primary'" is 62 seconds.

Secondary Standby

By default, the secondary path will establish only when the primary path for LSP will down. As already discuss, when primary path fails ingress router will wait for ResvTear message and as the message receives it clears the primary path and then try to establish the secondary path. When primary path is up the ingress router will use that path as active path and secondary path will remains down. However, with standby option, ingress router can establish the secondary path while primary path is also established and active. Ingress router will locate the TED to find the secondary path that meets the path constraints and if it finds the path, the ERO is pass to RSVP and path is establish and place into up state.

The advantage of standby path is, when primary path will go down the ingress router will not require to find and establish secondary path as the secondary path will already establish and in up state the ingress router just need to transfer traffic from primary path to secondary path.

Let's configure secondary standby path for LSP

root@PE1# show protocols mpls                                              
label-switched-path pe1-to-pe2 {
    from 192.168.100.1;
    to 192.168.200.1;
    primary primary-path {
        bandwidth 300m;
    }
    secondary second-path {
        bandwidth 50m;
        standby;
    }
}
path primary-path;
path second-path;
interface ge-0/0/0.0;

Figure-10 Secondary Path with Standby

Figure-10 sample output verifies that both the primary and secondary paths are establish and in up state. When the secondary LSP is define with standby option configured, the egress router will show the two egress LSP establish. One is for primary path with reserve bandwidth 300mbps and the second is for secondary path with reserve bandwidth 50mbps.

As above LSP is configured on PE1 and it is in between the routers PE1 and PE2, PE2 router will install the two egress LSPs. See Figure-11 and Figure-12.

Figure-11: Two Egress LSPs on Egress Node

Figure-12

~~~~~ THE END ~~~~~~