Preview
Rate this lesson

In the last video, we discussed the concept and theory of segment routing protection, including link protection, node protection, SRLG protection, or a mixture of these in a given topology. This video shows how segment routing protection is implemented and how we can monitor and troubleshoot segment routing protection in the exact same topology.

segment routing protection concept

This is the topology we are working on. This is the same topology we discussed in the previous section, but details are also shown, including interface numbers, the IP addresses, configuration and also troubleshooting commands.

segment routing protection Topology

Just to review, xrv1 and xrv6 are our edge routers. The IP addresses of the loopback interfaces range from 1.1.1.1 to 6.6.6.6 according to the router number. The IP address of Ethernet interfaces is also based on the router numbers connected to the link. For example, the IP address on the connection between xrv1 and xrv2 is 10.1.2.x / 24. The last digit of the IP address is also configured based on the router number.

notice that the cost of all links are equal to one except those that I have manually changed and it is written on the picture. For example the cost between xrv1 and xrv3 is configured equal to 4.

In the left side, the configuration of OSPF and segment routing in xrv2 is shown. With two commands “segment routing mpls” and “segment routing forwarding mpls”, segment routing is enabled. Prefix-SID of loopback0 of every router is manually configured from 16001 to 16006. In exrv2 the value of prefix-SID is 2 or 16002. Network type of all ethernet interfaces in OSPF are configured as point-to-point. The cost of interfaces is also changed based on the topology and configured in the Interfaces section. In the middle of the photo, the configuration of segment routing protection is displayed. And in the right section of photo, you can see troubleshooting commands for segment routing protection. Although we used OSPF as the routing protocol here, the monitoring commands related to ISIS routing protocol are also shown here. The first two commands are used when using the ISIS routing protocol. The third and fourth commands are for OSPF, which we’ll see in a few minutes. The last four monitoring commands are independent of the routing protocol, which show the routing table, CEF table and also LFIB table.

RP/0/RP0/CPU0:xrv2#show runn router ospf
Thu Jun 24 19:00:59.989 UTC
router ospf 1
 router-id 2.2.2.2
 segment-routing mpls
 segment-routing forwarding mpls
 address-family ipv4 unicast
 area 0
  interface Loopback0
   passive enable
   prefix-sid index 2
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   cost 7
   network point-to-point
  !
  interface GigabitEthernet0/0/0/2
   network point-to-point
  !
  interface GigabitEthernet0/0/0/3
   cost 9
   network point-to-point

Enable link protection in router xrv1

For the first example, we implement segment routing link protection in router xrv1 and on the link between xrv1-xrv2. With two commands “fast-reroute per-prefix” and “fast-reroute per-prefix ti-lfa enable”, link protection is enabled. You can use these two commands in interface level, area level and process level. With configuring these two commands in process level, all interfaces in the router are protected. And when configuring in area level, all interfaces in that area are protected.

The aim of the first example is to show, how we can check main route and also backup route in the output of the fast-reroute command, in the routing table, in the FIB table and also in the LFIB table. we check all the outputs for the destination 6.6.6.6 but our commands apply to all destination. Another important property of this example is that when traffic are forwarded in the backup route, no segment or zero segment is inserted into the traffic, since there is no loop probability.

In the next example, we will protect link protection in xrv2,  but the difference is that, xrv2 will add two segments in the traffic going through backup route to prevent the loop.

For this reason, link protection is implemented two times in this video. Once in xrv1, which adds zero segments in the traffic forwarding via the backup route, and once in xrv2, which adds two segments in the traffic forwarding via the backup route to ensure that no loops occur.

In the third example we will run node protection to find a backup route which exclude the next-hop router and in the fourth example we will run both SRLG protection and node protection together to find a backup route which exclude both next-hop router and all links in the same SRLG groups. When there is no backup route to protect both node and SRLG links, then it protect the one with higher priority or lower index value. In both cases we will check how many segments are inserted in the traffic forwarding via backup route to prevent loop.

The first scenario is to show you how segment routing automatically does protection and also show you how backup route with “zero segment” in installed in routing table.

With command “show running-config router ospf 1”, you can make sure that link protection is already enabled in the link between xrv1-xrv2.

RP/0/RP0/CPU0:xrv1#show runn router ospf
Thu Jun 24 19:03:17.144 UTC
router ospf 1
 router-id 1.1.1.1
 segment-routing mpls
 segment-routing forwarding mpls
 address-family ipv4 unicast
 area 0
  interface Loopback0
   passive enable
   prefix-sid index 1
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa enable
  !
  interface GigabitEthernet0/0/0/1
   cost 4
   network point-to-point

With command “show ospf 1 routes 6.6.6.6/32 backup-path detail”, you can check backup route for the destination 6.6.6.6.

RP/0/RP0/CPU0:xrv1#show ospf 1 routes 6.6.6.6/32 backup-path detail
Thu Jun 24 19:07:38.734 UTC

OSPF Route entry for 6.6.6.6/32
  Route type:  Intra-area
  Last updated: Jun 20 22:14:56.792 
  Metric: 4
  SPF priority: 4,  SPF version: 45
  RIB version: 0,  Source: Unknown
  Label Info: Default 16006 SSPF 0 Type SR
       10.1.2.2, from 6.6.6.6, via GigabitEthernet0/0/0/0, path-id 1
        LSA: 1/6.6.6.6/6.6.6.6, Area: 0
           Backup path:
              10.1.3.3, from 6.6.6.6, via GigabitEthernet0/0/0/1, protected bitmap 0000000000000001
              Attributes: Metric: 7, Downstream, Node Protect, Interface Disjoint, SRLG Disjoint

as you can see, the main route outgoing interface for destination 6.6.6.6 is GigabitEthernet0/0/0/0 with the next-hop address 10.1.2.2 and the backup route outgoing interface is GigabitEthernet0/0/0/1 with the next-hop address 10.1.3.3. there will be no segment for the backup route It means there will be no routing loop probability.

With “show route 6.6.6.6/32 detail” command, you can check the routing table to display both main protected route and also backup route. The main route is tagged as protected and the backup route is tagged as backup. As you can see in both main route and backup route, there will be only one label added to the packet which point to the destination itself. This is called “zero segment” protection.

RP/0/RP0/CPU0:xrv1# show route 6.6.6.6/32 detail
Thu Jun 24 19:09:14.675 UTC

Routing entry for 6.6.6.6/32
  Known via "ospf 1", distance 110, metric 4, labeled SR, type intra area
  Installed Jun 21 10:05:00.535 for 3d09h
  Routing Descriptor Blocks
    10.1.2.2, from 6.6.6.6, via GigabitEthernet0/0/0/0, Protected

      Route metric is 4
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:1       Path ref count:0
      NHID:0x1(Ref:13)
      Backup path id:65
      OSPF area: 0
    10.1.3.3, from 6.6.6.6, via GigabitEthernet0/0/0/1, Backup (Local-LFA)
      Route metric is 0
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:65              Path ref count:1
      NHID:0x2(Ref:13)
      OSPF area: 0
  Route version is 0x3a (58)
  Local Label: 0x3e86 (16006)
  IP Precedence: Not Set
  QoS Group ID: Not Set
  Flow-tag: Not Set
  Fwd-class: Not Set
  Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
  Download Priority 1, Download Version 541
  No advertising protos. 
RP/0/RP0/CPU0:xrv1# 

You can also check FIB (CEF) table and also LFIB table with these commands to display both main route and backup route and the labels which will be imposed to the packet itself.

RP/0/RP0/CPU0:xrv1#show cef 6.6.6.6/32 detail
Thu Jun 24 19:10:24.419 UTC
6.6.6.6/32, version 541, labeled SR, internal 0x1000001 0x81 (ptr 0xe029778) [1], 0x0 (0xe1eb668), 0xa28 (0xf2b90a8)
 Updated Jun 21 10:05:00.585 
 remote adjacency to GigabitEthernet0/0/0/0
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
  gateway array (0xe053af0) reference count 9, flags 0x500068, source rib (7), 0 backups
                [4 type 5 flags 0x8401 (0xebc1a00) ext 0x0 (0x0)]
  LW-LDI[type=5, refc=3, ptr=0xe1eb668, sh-ldi=0xebc1a00]
  gateway array update type-time 1 Jun 20 22:20:35.163
 LDI Update time Jun 20 22:20:35.215
 LW-LDI-TS Jun 20 22:27:46.908
   via 10.1.2.2/32, GigabitEthernet0/0/0/0, 8 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 0 bkup-idx 1 NHID 0x0 [0xf393190 0x0]
    next hop 10.1.2.2/32
     local label 16006      labels imposed {16006}
   via 10.1.3.3/32, GigabitEthernet0/0/0/1, 9 dependencies, weight 0, class 0, backup (Local-LFA) [flags 0x300]
    path-idx 1 NHID 0x0 [0xf1041d0 0x0]
    next hop 10.1.3.3/32
    remote adjacency
     local label 16006      labels imposed {16006}

    Load distribution: 0 (refcount 4)

    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/0    remote         
RP/0/RP0/CPU0:xrv1#show mpls forwarding labels 16006 detail
Thu Jun 24 19:12:17.891 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16006  16006       SR Pfx (idx 6)     Gi0/0/0/0    10.1.2.2        0           
     Updated: Jun 20 22:27:46.908
     Path Flags: 0x400 [  BKUP-IDX:1 (0xf393190) ]
     Version: 541, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 1, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/0 (ifhandle 0x01000018)
     Packets Switched: 0

       16006       SR Pfx (idx 6)     Gi0/0/0/1    10.1.3.3        0            (!)
     Updated: Jun 20 22:27:46.908
     Path Flags: 0x300 [  IDX:1 BKUP, NoFwd ]
     Version: 541, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x01000048)
     Packets Switched: 0
     (!): FRR pure backup
          
  Traffic-Matrix Packets/Bytes Switched: 0/0
RP/0/RP0/CPU0:xrv1#

Enable link protection in router xrv2

In the second scenario, we enable protection in the router xrv2 and the link xrv2-xrv4. In this scenarioو backup path for destination 6.6.6.6 include “two segments” to make sure that there will be no transient loop.

First with “show running-config router ospf”, we make sure that link protection is already enabled.

RP/0/RP0/CPU0:xrv2#show runn router ospf
Thu Jun 24 19:14:51.111 UTC
router ospf 1
 router-id 2.2.2.2
 segment-routing mpls
 segment-routing forwarding mpls
 address-family ipv4 unicast
 area 0
  interface Loopback0
   passive enable
   prefix-sid index 2
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   cost 7
   network point-to-point
  !
  interface GigabitEthernet0/0/0/2
   network point-to-point
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa enable
  !
  interface GigabitEthernet0/0/0/3
   cost 9
   network point-to-point

With the command “show ospf 1 routes 6.6.6.6/32 backup-path detail”, both main route and backup route will be displayed.

l

RP/0/RP0/CPU0:xrv2#show ospf 1 routes 6.6.6.6/32 backup-path detail
Thu Jun 24 19:17:40.969 UTC

OSPF Route entry for 6.6.6.6/32
  Route type:  Intra-area
  Last updated: Jun 20 23:35:47.323 
  Metric: 3
  SPF priority: 4,  SPF version: 39
  RIB version: 0,  Source: Unknown
  Label Info: Default 16006 SSPF 0 Type SR
       10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, path-id 1
        LSA: 1/6.6.6.6/6.6.6.6, Area: 0
           Backup path: TI-LFA, Repair-List: P node: 1.1.1.1         Label: 3
                                             Q node: 3.3.3.3         Label: 24005
              10.1.2.1, from 6.6.6.6, via GigabitEthernet0/0/0/0, protected bitmap 0000000000000001
              Attributes: Metric: 8, Interface Disjoint, 

As you can see, the main path is R2-R4-R6 and the backup path is R2-R1-R3-R4-R6. And to make sure that there will be no loop, two extra segments 1.1.1.1 and 3.3.3.3 will be added to the packets forwarding through backup path to make sure there will be no loop. 

Here you can see two keywords, P node and Q node which I have not talked about them. These are the keywords used in TI-LFA algorithm. If you are interested to know more about them, it is recommended to study the details of TI-LFA algorithm.

TI-LFA Algorithm details

To see the imposing labels which route the traffic through 1.1.1.1 and 3.3.3.3 in backup path, you can also check between routing table, FIB (CEF) table and also LFIB table.

Let’s check the routing table.

RP/0/RP0/CPU0:xrv2#show route 6.6.6.6/32 detail
Thu Jun 24 19:19:38.317 UTC

Routing entry for 6.6.6.6/32
  Known via "ospf 1", distance 110, metric 3, labeled SR, type intra area
  Installed Jun 24 19:17:20.464 for 00:02:18
  Routing Descriptor Blocks
    10.1.2.1, from 6.6.6.6, via GigabitEthernet0/0/0/0, Backup (TI-LFA)
      Repair Node(s): 1.1.1.1, 3.3.3.3
      Route metric is 8
      Labels: 0x3 0x5dc5 0x3e86 (3 24005 16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:66              Path ref count:1
      NHID:0x3(Ref:11)
      OSPF area: 
    10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, Protected
      Route metric is 3
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:1       Path ref count:0
      NHID:0x4(Ref:10)
      Backup path id:66
      OSPF area: 0
  Route version is 0x44 (68)
  Local Label: 0x3e86 (16006)
  IP Precedence: Not Set
  QoS Group ID: Not Set
  Flow-tag: Not Set
  Fwd-class: Not Set
  Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
  Download Priority 1, Download Version 483
  No advertising protos. 

The imposing label will be (3 24005 16006). 3 means pop to forward traffic to R1 and then 24005 which is adj-SID and in xrv1 which points to the link between xrv1 and xrv3. With the command “show ospf neighbor 3.3.3.3 detail” in xrv1, the label 24005 is shown as the label between xrv1-xrv3.

RP/0/RP0/CPU0:xrv1#show ospf neighbor 3.3.3.3 detail
Thu Jun 24 19:20:46.977 UTC

* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up

Neighbors for OSPF 1

 Neighbor 3.3.3.3, interface address 10.1.3.3
    In the area 0 via interface GigabitEthernet0/0/0/1 
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52  
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:33
    Neighbor is up for 3d21h
    Number of DBD retrans during last exchange 0
    Index 2/2, retransmission queue length 0, number of retransmission 0
    First 0(0)/0(0) Next 0(0)/0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
    LS Ack list: NSR-sync pending 0, high water mark 0
    Adjacency SIDs:
        Label: 24005,    Dynamic, Unprotected
        Label: 24007,    Dynamic,   Protected (Has backup)
    Neighbor Interface ID: 7


Total neighbor count: 1

Label 16006 is also point to the destination itself.

We can check also CEF table and LFIB table to display the same output.

RP/0/RP0/CPU0:xrv2#show cef 6.6.6.6/32 detail
Thu Jun 24 19:21:51.981 UTC
6.6.6.6/32, version 483, labeled SR, internal 0x1000001 0x81 (ptr 0xdc8f640) [1], 0x0 (0xde52028), 0xa28 (0xf1ed3c0)
 Updated Jun 24 19:17:20.545 
 remote adjacency to GigabitEthernet0/0/0/2
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
  gateway array (0xdcbb0b0) reference count 9, flags 0x500068, source rib (7), 0 backups
                [7 type 4 flags 0x8401 (0xe639698) ext 0x0 (0x0)]
  LW-LDI[type=1, refc=1, ptr=0xde52028, sh-ldi=0xe639698]
  gateway array update type-time 1 Jun 24 19:17:20.522
 LDI Update time Jun 24 19:17:20.536
 LW-LDI-TS Jun 24 19:17:20.545
   via 10.1.2.1/32, GigabitEthernet0/0/0/0, 11 dependencies, weight 0, class 0, backup (TI-LFA) [flags 0xb00]
    path-idx 0 NHID 0x0 [0xf1040b0 0xf104260]
    next hop 10.1.2.1/32, Repair Node(s): 1.1.1.1, 3.3.3.3
    remote adjacency
     local label 16006      labels imposed {ImplNull 24005 16006}
   via 10.2.4.4/32, GigabitEthernet0/0/0/2, 2 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 1 bkup-idx 0 NHID 0x0 [0xf2a5690 0xf2a53f0]
    next hop 10.2.4.4/32
     local label 16006      labels imposed {16006}

    Load distribution: 0 (refcount 7)

    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/2    remote         
RP/0/RP0/CPU0:xrv2#show mpls forwarding labels 16006 detail
Thu Jun 24 19:22:50.132 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16006  16006       SR Pfx (idx 6)     Gi0/0/0/2    10.2.4.4        0           
     Updated: Jun 24 19:17:20.545
     Path Flags: 0x400 [  BKUP-IDX:0 (0xf2a5690) ]
     Version: 483, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/2 (ifhandle 0x01000040)
     Packets Switched: 0

       Pop         SR Pfx (idx 6)     Gi0/0/0/0    10.1.2.1        0            (!)
     Updated: Jun 24 19:17:20.545
     Path Flags: 0xb00 [  IDX:0 BKUP, NoFwd ]
     Version: 483, Priority: 1
     Label Stack (Top -> Bottom): { Imp-Null 24005 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/12, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/0 (ifhandle 0x01000018)
     Packets Switched: 0
     (!): FRR pure backup
          
  Traffic-Matrix Packets/Bytes Switched: 0/0

Enable node protection in router xrv2

The next step is to enable node protection in xrv2. To enable node protection in xrv2, we add command related to node protection in interface level or process level. Here I add node protection in process level which protects all neighbor routers.

router ospf 1
 fast-reroute per-prefix
 fast-reroute per-prefix tiebreaker node-protecting index 100

The index value is important if SRLG protection is also configured. With index value you can assign the priority of the node protection and the SRLG protection. If it is not possible to protect both, the protection with the lower index value and higher priority is applied to the router.

Here the backup path must exclude xrv4 router. With the command “show ospf 1 routes 6.6.6.6/32 backup-path detail”, both main route and backup route will be displayed.

RP/0/RP0/CPU0:xrv2#show ospf 1 routes 6.6.6.6/32 backup-path detail
Thu Jun 24 19:25:21.287 UTC

OSPF Route entry for 6.6.6.6/32
  Route type:  Intra-area
  Last updated: Jun 20 23:35:47.323 
  Metric: 3
  SPF priority: 4,  SPF version: 39
  RIB version: 0,  Source: Unknown
  Label Info: Default 16006 SSPF 0 Type SR
       10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, path-id 1
        LSA: 1/6.6.6.6/6.6.6.6, Area: 0
           Backup path: TI-LFA, Repair-List: P node: 1.1.1.1         Label: 3
                                             Q node: 3.3.3.3         Label: 24005
                                             Q node: 5.5.5.5         Label: 24002
              10.1.2.1, from 6.6.6.6, via GigabitEthernet0/0/0/0, protected bitmap 0000000000000001
              Attributes: Metric: 10, Node Protect, Interface Disjoint, 

as you can see the backup path is through xrv1-xrv3-xrv5-xrv6 and to prevent loop,  segments xrv1, xrv3 and xrv5 are inserted to the traffic going over backup path. so the backup path exclude xrv4 router.

With “show route 6.6.6.6/32 detail” , you can check which labels are inserted to the packet. As you can see next-hp router is 10.1.2.1 and labels (24005 24002 16006) are inserted to the traffic forwarded  through backup path to prevent loop.

RP/0/RP0/CPU0:xrv2#show route 6.6.6.6/32 detail
Thu Jun 24 19:26:16.717 UTC

Routing entry for 6.6.6.6/32
  Known via "ospf 1", distance 110, metric 3, labeled SR, type intra area
  Installed Jun 24 19:24:14.348 for 00:02:02
  Routing Descriptor Blocks
    10.1.2.1, from 6.6.6.6, via GigabitEthernet0/0/0/0, Backup (TI-LFA)
      Repair Node(s): 1.1.1.1, 3.3.3.3
      Route metric is 8
      Labels: 0x5dc5 0x5dc2 0x3e86 (24005 24002 16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:66              Path ref count:1
      NHID:0x3(Ref:11)
      OSPF area: 
    10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, Protected
      Route metric is 3
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:1       Path ref count:0
      NHID:0x4(Ref:10)
      Backup path id:66
      OSPF area: 0
  Route version is 0x46 (70)
  Local Label: 0x3e86 (16006)
  IP Precedence: Not Set
  QoS Group ID: Not Set
  Flow-tag: Not Set
  Fwd-class: Not Set
  Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
  Download Priority 1, Download Version 495
  No advertising protos. 

label 24005 is adj-SID which point to the link between xrv1-xrv3 and you can check it with command “show ospf neighbor 3.3.3.3 detail” in xrv1

RP/0/RP0/CPU0:xrv1#show ospf neighbor 3.3.3.3 detail
Thu Jun 24 19:50:50.893 UTC

* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up

Neighbors for OSPF 1

 Neighbor 3.3.3.3, interface address 10.1.3.3
    In the area 0 via interface GigabitEthernet0/0/0/1 
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52  
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:39
    Neighbor is up for 3d21h
    Number of DBD retrans during last exchange 0
    Index 2/2, retransmission queue length 0, number of retransmission 0
    First 0(0)/0(0) Next 0(0)/0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
    LS Ack list: NSR-sync pending 0, high water mark 0
    Adjacency SIDs:
        Label: 24005,    Dynamic, Unprotected
        Label: 24007,    Dynamic,   Protected (Has backup)
    Neighbor Interface ID: 7


Total neighbor count: 1
RP/0/RP0/CPU0:xrv1#

label 24002 point to the link between xrv3-xrv5 which you can check with command “show ospf neighbor 5.5.5.5 detail” in xrv3.

RP/0/RP0/CPU0:xrv3#show ospf neighbor 5.5.5.5 detail
Thu Jun 24 19:51:44.817 UTC

* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up

Neighbors for OSPF 1

 Neighbor 5.5.5.5, interface address 10.3.5.5
    In the area 0 via interface GigabitEthernet0/0/0/2 
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52  
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:37
    Neighbor is up for 3d21h
    Number of DBD retrans during last exchange 0
    Index 3/3, retransmission queue length 0, number of retransmission 3
    First 0(0)/0(0) Next 0(0)/0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
    LS Ack list: NSR-sync pending 0, high water mark 0
    Adjacency SIDs:
        Label: 24002,    Dynamic, Unprotected
    Neighbor Interface ID: 7
          

Total neighbor count: 1

And finally label 16006 points to the router xrv6 which is the destination of the traffic.

It is also recommended to check CEF table and LFIB table to see the best path, backup path and segments inserted to the traffic, forwarded though back path.

RP/0/RP0/CPU0:xrv2#show cef 6.6.6.6/32 detail
Thu Jun 24 19:52:34.813 UTC
6.6.6.6/32, version 495, labeled SR, internal 0x1000001 0x81 (ptr 0xdc8f640) [1], 0x0 (0xde51b68), 0xa28 (0xf1ed6d8)
 Updated Jun 24 19:24:14.377 
 remote adjacency to GigabitEthernet0/0/0/2
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
  gateway array (0xdcbb368) reference count 6, flags 0x500068, source rib (7), 0 backups
                [3 type 5 flags 0x8401 (0xe638fb0) ext 0x0 (0x0)]
  LW-LDI[type=5, refc=3, ptr=0xde51b68, sh-ldi=0xe638fb0]
  gateway array update type-time 1 Jun 24 19:24:14.378
 LDI Update time Jun 24 19:24:14.378
 LW-LDI-TS Jun 24 19:24:14.378
   via 10.1.2.1/32, GigabitEthernet0/0/0/0, 11 dependencies, weight 0, class 0, backup (TI-LFA) [flags 0xb00]
    path-idx 0 NHID 0x0 [0xf104260 0x0]
    next hop 10.1.2.1/32, Repair Node(s): 1.1.1.1, 3.3.3.3
    remote adjacency
     local label 16006      labels imposed {24005 24002 16006}
   via 10.2.4.4/32, GigabitEthernet0/0/0/2, 8 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 1 bkup-idx 0 NHID 0x0 [0xf2a53f0 0x0]
    next hop 10.2.4.4/32
     local label 16006      labels imposed {16006}

    Load distribution: 0 (refcount 3)

    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/2    remote         
RP/0/RP0/CPU0:xrv2#
RP/0/RP0/CPU0:xrv2#show mpls forwarding labels 16006 detail
Thu Jun 24 19:53:43.841 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16006  16006       SR Pfx (idx 6)     Gi0/0/0/2    10.2.4.4        0           
     Updated: Jun 24 19:24:14.378
     Path Flags: 0x400 [  BKUP-IDX:0 (0xf2a53f0) ]
     Version: 495, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/2 (ifhandle 0x01000040)
     Packets Switched: 0

       24005       SR Pfx (idx 6)     Gi0/0/0/0    10.1.2.1        0            (!)
     Updated: Jun 24 19:24:14.378
     Path Flags: 0xb00 [  IDX:0 BKUP, NoFwd ]
     Version: 495, Priority: 1
     Label Stack (Top -> Bottom): { 24005 24002 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/16, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/0 (ifhandle 0x01000018)
     Packets Switched: 0
     (!): FRR pure backup
          
  Traffic-Matrix Packets/Bytes Switched: 0/0

Enable SRLG protection in router xrv2

In the last example I want to enable SRLG protection but also with node protection. In the previous example node protection was enabled and I will not disable it in this example and just add SRLG protection.

In SRLG protection, as you know, links in the same SRLG, are the links with shared hardware resources and when one of these links fails, it is supposed that other link also fail. So the backup path in SRLG protection must exclude all links in the same SRLG.

To enable SRLG protection in xrv2, first we have to specify which links are in the same SRLG which I have already configured. Then we add another command in interface level or process level to enable SRLG protection.

RP/0/RP0/CPU0:xrv2#show running-config srlg
Thu Jun 24 19:55:38.133 UTC
srlg
 interface GigabitEthernet0/0/0/0
  1 value 1111
 !
 interface GigabitEthernet0/0/0/2
  1 value 1111
router ospf 1
 router-id 2.2.2.2

 fast-reroute per-prefix
 fast-reroute per-prefix tiebreaker node-protecting index 100
 fast-reroute per-prefix tiebreaker srlg-disjoint index 120

We do not disable node protection of the last section. So in this scenario both node protection and SRLG protection are enabled. So the backup path must exclude both next-hop router and local SRLG links. If the router cannot find a backup path to satisfy both node and link protection, then router check which one has higher priority or lower index value and it protect only one of them which has higher priority.

In this scenario, backup path protect both node and SRLG links.

With “show ospf 1 routes 6.6.6.6/32 backup-path”, you can check both main path and backup path. As you can see backup path goes through xrv5 and then xrv6.

To see if any segment is added in the backup path, you can check with the command “show ospf 1 routes 6.6.6.6/32 backup-path”.  As you can see there is no segment to be inserted in the traffic forwarded through backup path since there is no loop probability.

RP/0/RP0/CPU0:xrv2#show ospf 1 routes 6.6.6.6/32 backup-path
Thu Jun 24 19:57:58.191 UTC

Topology Table for ospf 1 with ID 2.2.2.2

Codes: O - Intra area, O IA - Inter area
       O E1 - External type 1, O E2 - External type 2
       O N1 - NSSA external type 1, O N2 - NSSA external type 2

O    6.6.6.6/32, metric 3
       10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, path-id 1
           Backup path: TI-LFA
              10.2.5.5, from 6.6.6.6, via GigabitEthernet0/0/0/3, protected bitmap 0000000000000001
              Attributes: Metric: 11, Node Protect, Interface Disjoint, SRLG Disjoint
RP/0/RP0/CPU0:xrv2#show route 6.6.6.6/32 detail
Thu Jun 24 19:58:24.271 UTC

Routing entry for 6.6.6.6/32
  Known via "ospf 1", distance 110, metric 3, labeled SR, type intra area
  Installed Jun 24 19:57:07.506 for 00:01:16
  Routing Descriptor Blocks
    10.2.5.5, from 6.6.6.6, via GigabitEthernet0/0/0/3, Backup (Local-LFA)
      Route metric is 11
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:65              Path ref count:1
      NHID:0xd(Ref:5)
      OSPF area: 
    10.2.4.4, from 6.6.6.6, via GigabitEthernet0/0/0/2, Protected
      Route metric is 3
      Label: 0x3e86 (16006)
      Tunnel ID: None
      Binding Label: None
      Extended communities count: 0
      Path id:1       Path ref count:0
      NHID:0x4(Ref:9)
      Backup path id:65
      OSPF area: 0
  Route version is 0x48 (72)
  Local Label: 0x3e86 (16006)
  IP Precedence: Not Set
  QoS Group ID: Not Set
  Flow-tag: Not Set
  Fwd-class: Not Set
  Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
  Download Priority 1, Download Version 507
  No advertising protos. 
RP/0/RP0/CPU0:xrv2#show cef 6.6.6.6/32 detail
Thu Jun 24 19:58:58.309 UTC
6.6.6.6/32, version 507, labeled SR, internal 0x1000001 0x81 (ptr 0xdc8f640) [1], 0x0 (0xde51b68), 0xa28 (0xf1ed3c0)
 Updated Jun 24 19:57:07.598 
 remote adjacency to GigabitEthernet0/0/0/2
 Prefix Len 32, traffic index 0, precedence n/a, priority 1
  gateway array (0xdcba230) reference count 3, flags 0x500068, source rib (7), 0 backups
                [2 type 5 flags 0x8401 (0xe6392f0) ext 0x0 (0x0)]
  LW-LDI[type=5, refc=3, ptr=0xde51b68, sh-ldi=0xe6392f0]
  gateway array update type-time 1 Jun 24 19:57:07.598
 LDI Update time Jun 24 19:57:07.598
 LW-LDI-TS Jun 24 19:57:07.598
   via 10.2.5.5/32, GigabitEthernet0/0/0/3, 6 dependencies, weight 0, class 0, backup (Local-LFA) [flags 0x300]
    path-idx 0 NHID 0x0 [0xf1044a0 0x0]
    next hop 10.2.5.5/32
    remote adjacency
     local label 16006      labels imposed {16006}
   via 10.2.4.4/32, GigabitEthernet0/0/0/2, 4 dependencies, weight 0, class 0, protected [flags 0x400]
    path-idx 1 bkup-idx 0 NHID 0x0 [0xf2a4190 0x0]
    next hop 10.2.4.4/32
     local label 16006      labels imposed {16006}

    Load distribution: 0 (refcount 2)

    Hash  OK  Interface                 Address
    0     Y   GigabitEthernet0/0/0/2    remote         
RP/0/RP0/CPU0:xrv2# show mpls forwarding labels 16006 detail     
Thu Jun 24 19:59:35.245 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16006  16006       SR Pfx (idx 6)     Gi0/0/0/2    10.2.4.4        0           
     Updated: Jun 24 19:57:07.598
     Path Flags: 0x400 [  BKUP-IDX:0 (0xf2a4190) ]
     Version: 507, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/2 (ifhandle 0x01000040)
     Packets Switched: 0

       16006       SR Pfx (idx 6)     Gi0/0/0/3    10.2.5.5        0            (!)
     Updated: Jun 24 19:57:07.598
     Path Flags: 0x300 [  IDX:0 BKUP, NoFwd ]
     Version: 507, Priority: 1
     Label Stack (Top -> Bottom): { 16006 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
     MAC/Encaps: 4/8, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/3 (ifhandle 0x01000038)
     Packets Switched: 0
     (!): FRR pure backup
          
  Traffic-Matrix Packets/Bytes Switched: 0/0
Back to: Segment Routing > segment routing protection (fast reroute)

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment