Link Protection feature provides the protection against the link failure along the LSP path. With link protection enable each LSR will try to find and establish an alternate path along the protected link to reach next router. This alternate path is use to transfer traffic when the protected link fails, the PLR (point of local repair) router will detect this failure and start sending transit traffic to alternate path. It uses the bypass LSP that creates the alternate path around the protected link. It is also known as next-hop bypass LSP.
The PLR will continue to forward the traffic to the alternate path until ingress router will establish and switch-over new primary or secondary path if one available. If ingress router fails to find new primary path or no secondary path defined or available then the transit traffic will continue to forward on bypass LSP.
Figure-1 showing A LSP name pe1-to-pe2, establish between router PE1 and router PE2. The solid green arrow shows the default primary LSP path (establish with the help of RSVP/CSPF). In Figure-1 if the link between P1 and P2 fails, the P1 router detects this failure and acts as PLR (Point of Local Repair) router. After the link failure is detected P1 starts sending the transit traffic on bypass path. In Figure-1 the establish bypass path is showing with dash arrows. For P1 to P2 link ge-0/0/0, P1 router creates a bypass path via P4 and P5 to reach P2.
All the routers along LSP will try to establish the bypass path. Considering Figure-1 following are the bypass paths for each LSR along the LSP pe1-to-pe2.
If network topology some how not able to provide the link protection on any LSR for a specific link/interface then the router does not create a bypass LSP thus does not provide link protection. Link protection will available only when the alternate path for a LSP path link available.
The Link-Protection is more scalable then the Fast Reroute. Remember that with Fast Reroute each LSP along the same path will create its own detour path. It means, if we have five LSPs traversing between the node P1 to P2 each LSP will create its own detour path. Whereas with link-protection node P1 can use the single next-hop-bypass LSP P1-P4-P5-P2 and provides the protection for any LSP that transits on link from P1 to P2.
In Figure 2, both the PE1-to-PE2 and PE3-to-PE4 LSPs share the same link between P1 and P2. P1 establish a single bypass path for both LSPs. If the link between P1 and P2 goes down, both LSPs can take the next-hop bypass LSP through P1-P4-P5-P2.
It is recommended to configured link-protection on all P and PE routers RSVP interfaces. Lets examine the label operation. First examine the PE1-and-PE2 LSP on P1 node. As shown on Figure-3 P1 establish this LSP as transit LSP with incoming label is 301056 (from PE1) and outgoing label is 300944 (to P2).
When the link between P1 and P2 fails and P1 switches the traffic to bypass LSP, it must swap the incoming label 301056 with outgoing label 300944, and then push the additional label 299936 as the top label (bypass LSP label) before forwarding transit traffic to P4. This label forces the transit traffic to use the bypass path in case of link failure.
On P4 and P5 the bypass LSP is establish as transit LSP. See Figure 10 for node P4 and Figure-11 for node P5.
The last diagram showing the label operation when multiple LSPs are traversing on protected link and using the single bypass LSP as failover. It shows that the link-protection provides the many-to-one LSPs failover.
The PLR will continue to forward the traffic to the alternate path until ingress router will establish and switch-over new primary or secondary path if one available. If ingress router fails to find new primary path or no secondary path defined or available then the transit traffic will continue to forward on bypass LSP.
 |
| Figure-1 |
All the routers along LSP will try to establish the bypass path. Considering Figure-1 following are the bypass paths for each LSR along the LSP pe1-to-pe2.
Node/Router
|
Protected Interface
|
Bypass Path
|
PE1
|
ge-0/0/9
|
PE1-P4-P1
|
P1
|
ge-0/0/0
|
P1-P4-P5-P2
|
P2
|
ge-0/0/1
|
P2-P5-P6-P3
|
P3
|
ge-0/0/9
|
P3-P6-PE2
|
PE2
|
Egress - Not Possible
|
Egress – Not Possible
|
If network topology some how not able to provide the link protection on any LSR for a specific link/interface then the router does not create a bypass LSP thus does not provide link protection. Link protection will available only when the alternate path for a LSP path link available.
The Link-Protection is more scalable then the Fast Reroute. Remember that with Fast Reroute each LSP along the same path will create its own detour path. It means, if we have five LSPs traversing between the node P1 to P2 each LSP will create its own detour path. Whereas with link-protection node P1 can use the single next-hop-bypass LSP P1-P4-P5-P2 and provides the protection for any LSP that transits on link from P1 to P2.
 |
| Figure-2 |
In Figure 2, both the PE1-to-PE2 and PE3-to-PE4 LSPs share the same link between P1 and P2. P1 establish a single bypass path for both LSPs. If the link between P1 and P2 goes down, both LSPs can take the next-hop bypass LSP through P1-P4-P5-P2.
Configuration
PE1
root@PE1.# show protocols mpls
label-switched-path pe1-to-pe2 {
from 192.168.1.1;
to 192.168.1.2;
link-protection;
}
interface ge-0/0/8.0;
interface ge-0/0/9.0;
root@PE1.# show protocols rsvp
interface ge-0/0/9.0 {
link-protection;
}
interface ge-0/0/8.0 {
link-protection;
}
PE3
root@PE3.# show protocols mpls
label-switched-path pe3-to-pe2 {
from 192.168.1.3;
to 192.168.1.2;
link-protection;
}
interface ge-0/0/8.0;
root@PE3.# show protocols rsvp
interface ge-0/0/8.0 {
link-protection;
}
P Routers
P Routers
root@P1.# show protocols rsvp
interface all {
link-protection;
}
root@P2.# show protocols rsvp
interface all {
link-protection;
}
root@P3.# show protocols rsvp
interface all {
link-protection;
}
root@P4.# show protocols rsvp
interface all {
link-protection;
}
root@P5.# show protocols rsvp
interface all {
link-protection;
}
root@P6.# show protocols rsvp
interface all {
link-protection;
}
It is recommended to configured link-protection on all P and PE routers RSVP interfaces. Lets examine the label operation. First examine the PE1-and-PE2 LSP on P1 node. As shown on Figure-3 P1 establish this LSP as transit LSP with incoming label is 301056 (from PE1) and outgoing label is 300944 (to P2).
 |
| Figure-3 |
 |
| Figure-4
The output in Figure-4 confirms that P1 swaps the incoming label (PE1) 301056 with outgoing label (P2) 300944 and when link fails between P1
and P2, P1 still swaps label 301056 for label 300944, but
then it also pushes label 299936 on top of 300944 and sends the packet out the
egress interface for the bypass LSP.On P4 the router swaps the outer label 299936 with 300064 and send the packet to P5. The inner label 300944 will remain intact. See Figure-5 and Figure-6
|
 |
| Figure-5 |
 |
| Figure-6
As the P5 is the PHP for bypass LSP, the router pops the 300064
label and sending the packet to P2 with only one
label in the stack 300944. So the end result is that the packet arrives P2 via bypass LSP with exactly same as if it comes directly from node P1. The incoming label on P2 is same for original LSP as well as for bypass LSP. The only difference is the interface from where the packet arrives at P2. This behavior is shown on Figure-7.
|
 |
| Figure-7 |
On P1 bypass LSP is establish as ingress bypass LSP. See Figure-8 and Figure-9
 |
| Figure-8 |
 |
| Figure-9 |
 |
| Figure-10 |
 |
| Figure-11 |
 |
| Figure-12 |
~~~~~~~~ THE END ~~~~~~~~
No comments:
Post a Comment