Thursday, 1 February 2018

MPLS Traffic Protection (Part 3) - FAST REROUTE

FAST REROUTE (FRR)

The secondary path provides the backup for primary path. By configuring the secondary path as standby, we make sure that the secondary path will pre-establish and ready to use, and shouldn't wait for primary path failure. However, as we already discuss this in our earlier post "MPLS Traffic Protection (Part 1)" the ingress router will switch over to secondary path only when it receives the ResvTear message from downstream routers. When an intermediate link or node fails the downstream node that detects the failure will send the message to ingress router along the LSP path. Upon receiving this message ingress router will clear the primary path and switch over the traffic to already establish secondary path.

Figure-1: Primary LSP Failure and RESVTEAR Message
Here we have a link state path with primary and secondary paths establish. Suppose the link between nodes P3 and P6 went down. The node P3 will detect this failure and send RESVTEAR message to node P2 along the LSP path. P2 will process the message and send it to P1, P1 also process the message and send it to ingress router PE1. After PE1 receives the RESVTEAR message PE1 will clear the primary path of LSP and transfer the data to already establish secondary path. 

Here comes a central problem that is the data packets will have lost in between the time when a failure occurs and the time when ingress router will notify about the failure. That time depends on number of hops the RESVTEAR message will traverse. 

The solution for this problem is to use the Fast Reroute for LSP. With Fast Reroute each router along the primary path of LSP will establish the detour paths. These detour paths enable the LSP to keep delivering the traffic via detour paths when a primary path link or node failure occurs. When a path failure occurs the router that detect the failure will immediately forwards the traffic for the LSP along the detour path. It will minimize the traffic lost during primary path failure and intimation of that failure to the ingress router. Note that Fast Reroute is a short-term solution whereas the secondary path (with or without standby) is a long-term solution. 

When we enable the fast reroute, ingress router will add an object in RSVP message telling the downstream routers to establish the detour paths if possible. When a primary path failure occurs and detour path is available, the router that detect the failure immediately forwards the traffic along the detour path, also generates the PATHERR message and send that message to ingress router. This error message informs the ingress router about a failure of primary path and that the detour is being use to forward the traffic. If any downstream node fails to find the detour path it sends the RESVTEAR message instead of PATHERR message to ingress node to intimate about the path failure.  After the ingress node receive PATHERR message and if secondary path is already established the ingress router switch over the traffic on secondary path. The ingress node will clear the primary path with its detour paths and attempts to locate new primary path that match the primary path constraints. 

The same process occurs when secondary path is available but not pre-established (without standby), in that case ingress node will first signals and establish the secondary path, moves traffic to secondary path and then removes the primary path and its detour paths. If no secondary path is defined, the ingress router examines the TED to locate new primary path according to the defined primary path constraints. If ingress router finds the new primary path it creates new primary path for LSP and moves traffic on it and then clear the previous fail primary path and its detour paths. One more possibility is that there may be no secondary paths defined and CSPF algorithm might not able to find a new primary path that meets the path constraints. When this happens the fast reroute paths will stay up indefinitely and the ingress router continue to forward traffic using the detour paths. 

 By default, the fast reroute detours will inherit only the administrative groups (affinity) settings from the original LSP. This means the detour path must contain the affinity values that are define in LSP configuration however by default detour path will not consider the bandwidth requirements define in LSP settings therefor it is possible for a detour path to have subsequently less bandwidth than was specified in original LSP. 

The following fast reroute parameters can be configured
  1. Bandwidth 
  2. Hop-limit 
  3. Include and exclude administrative groups (enable by default) 
Note that each downstream node along LSP path tries to originate its own detours. However it is possible that a given node is not be able to establish the detour path. The result is that some portion of primary path might have fast reroute protection while others do not. 

Let's understand this with the help of following figure


Figure-2: Example Network Diagram  

Fast Reroute Configuration

root@PE1# show protocols mpls
label-switched-path pe1-to-pe2 {
    from 192.168.100.1;
    to 192.168.200.1;
    fast-reroute;
    primary primary-path {
        bandwidth 300m;
    }
    secondary second-path {
        bandwidth 50m;
        standby;
    }
}
path primary-path;
path second-path;
interface ge-0/0/0.0;

Figure-3: Detour Paths
As we already discuss, the detour path will inherit only the affinity values from original LSP. Apart from that the detour path will establish with shortest CSPF metric value. Figure-3 shows the detour paths for LSP pe1-to-pe2. Here the detour paths establish for P1, P2 and P3 routers. It Starts with the ingress router signals the fast reroute to all downstream nodes along primary path of LSP. Although not shown in above figure, since the secondary path is pre-establish using the standby option the detour paths also establish for the secondary path of LSP.

The node PE1 try to calculate and establish fast reroute path to node PE2 that avoids the P1 node and its links. The PE1 router can't bypass P1 router thus can't establish the detour path for PE1 as there is only a single path available between node PE1 and node P1. The sample output in Figure-4 we can see that Fast Reroute desire object is included in PATH message.

Figure-4: PE1 show mpls lsp extensive
In Record Route flag = 9 is indicates that both the node and link protection available, and flag =1 indicates only link protection is available for the downstream node. In Figure-4 the primary path of LSP 172.16.1.2 (P1), 172.16.11.2 (P2) has node protection and 172.16.13.1 (P3) has only link protection. Same with secondary path of LSP 172.16.1.2 (P1), 172.16.21.2 (P4) has node protection and 172.16.22.2 (P5) has only link protection. For both primary (172.16.13.1) and secondary (172.16.23.1) the P6 node has no flags means P6 has neither the node protection nor the link protection.

Figure-5: P1 show mpls lsp extensive
The sample output in Figure-5 Node P1 calculates and establish a detour path around P2 to PE2. Node P1 successfully establish the detour path and avoids P2 node and its links. The detour path is establish through P4(172.16.21.2), P5(172.16.22.2), P6(172.16.23.1) to PE2 (172.16.2.1) with CSPF metric value is 4. Detour path MPLS label is 299888.

Figure-6: P2 show mpls lsp extensive
The sample output in Figure-6 shows that a detour is established on node P2, it avoids P3 node and P3 links. The detour path is established through P4 (172.16.31.2), P5 (172.16.22.2) and P6(172.16.23.1) to PE2 (172.16.2.1). The detour path MPLS label is 299920.

Figure-7: P3 show mpls lsp extensive
The sample output in Figure-7 shows the detour is establish and avoids the link between the P3 node and P6 node. The detour path is established through P5 (172.16.32.2) and P6 (172.16.23.1) to PE2 (172.16.2.1). As node P3 can't avoid the node P6 to reach PE2 therefor the detour can't provide node protection on P3 but still it can provide the link protection by establish the detour path via P5. The detour path label is 299824.

Figure-8: P4 show mpls lsp extensive
In sample output Figure-8, node P4 has two branch detours. The first from node P1 to avoid P2 (172.16.11.2) and the second is from node P2 to avoid P3 (172.16.12.2). The label in value for detour LSP from P1 is 299888 that also the label out value in P1 detour LSP (see Figure-5). The label in value for detour LSP from P2 is 299920 that also the label out in P2 detour LSP (see Figure-6). Since P4 is use as transit router for both P1 and P2 detours and the next-hop for both detours LSP is same that is node P5, therefor P4 can merge the two detour paths together as indicated by the identical label out value 299840. This means that whether P4 receives traffic from P1 with a label value of 299888 or from P2 with a label value of 299920, P4 forwards the packet to P5 with a label value 299840.   

Figure-9: P5 show mpls lsp extensive
In Figure-9 the sample output from node P5 showing the three detour branch paths. The first is Detour branch from 172.16.32.1, receive from node P3 and it is use to bypass the link between node P3 and P6. The label in value for detour LSP is 299824 that is also the label out value in P3 detour LSP (see Figure-7). The second is Detour branch from 172.16.21.1 (node P1) and it does not include path information because P4 has merged the detours paths both from P1 and P2. The third is Detour branch from 172.16.31.1 (node P2) and it receives from node P4 (172.16.22.1) with label in value is 299840. Since node P4 merge both P1 and P2 detours therefor on P5 this detour provides path information for both P1 and P2 nodes. 

Since P5 is use as transit router for P3 (merger of P1 and P2 detour) and P4 and the next-hop for these detours LSP are same that is node P6, therefor P5 can merge the detour receive from nodes P4 and P3, two detour paths together as indicated by the identical label out value 299840. This means that whether P5 receives traffic from P3 with a label value of 299824 or receive traffic from P2 with a label value of 299840, P4 will forward the packet to P5 with a label value 299840. The Label out value in the detour branch from 172.16.31.1 is 299840, the same value as label out value on node P4.

Figure-10:  P6 show mpls lsp extensive
In Figure-10 the sample output from node P6 showing the three detour branch paths. The only path information showing here is for the Detour branch from 172.16.31.1 (P2 detour path). It receives from node P5 and P5 merge the path info for other detour paths within this detour. The label in value for that path is 299840 and label out value is 3 indicates that node P6 is the penultimate hop on this MPLS network. The Detour branch from 172.16.21.1 (P1 detour path) is already merge with P2 detour path on node P4 therefor it is not showing any path information. The Detour branch from 172.16.32.1 (P3 detour path) is also merge with P2 detour path on node P5 therefor it is also not showing any path information.

~~~~ THE END ~~~~
at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)